Slashdot Mirror

← Back to Stories (view on slashdot.org)

CUPS Security Vulnerabilities

Posted by CowboyNeal on from the leaving-the-door-open dept.

Buck Naked writes "A slew of vulnerabilities was discovered in CUPS, from the advisory: 'Exploitation of multiple CUPS vulnerabilities allow local and remote attackers in the worst of the scenarios to gain root privileges...' The full advisory can be found at iDEFENSE."

6 of 155 comments (clear)

  1. Impressive List & Response by goldid · · Score: 4, Interesting

    I'd just like to note how good the response is. The list of vulnerabilities is well stated and very complete. Furthermore, the time line of events is excellent and patching was superb and fast. My OS X box was patched before I even knew about the vulnerability. Thanks to iDEFENSE and zen-parse.

    1. Re:Impressive List & Response by Anonymous Coward · · Score: 1, Interesting

      Yes, but your OS X box was patched over a month after the first person to find these holes knew about them. How many people might've come to know about them in that time? But I spose it's a good thing your box was patched before you knew about it, no chance of that you 0wned your own box beforehand.

  2. Re:CUPS is still the best solution by Anonymous Coward · · Score: 1, Interesting

    Looks like about 24 hours to me. iDEFENSE didn't inform the developer until the twelfth. He had a preliminary patch on the SAME DAY and an updated patch the following day.

    iDEFENSE sat on it for a month, not the developer.

  3. What is CUPS, you ask? by RumpRoast · · Score: 2, Interesting
    More info here.

    I never really understood what made it better than straight up lpd. Perhaps one of you could enlighten me?

    --

    My Ass hurts.
  4. Re:Am I Affected? by tres · · Score: 2, Interesting
    At first, I read your subject, Am I affected? and I thought to myself, "this guy must be stupid if he doesn't know whether this has an effect on him.

    Then I read the first line, and it was crystal

    I use Windows 2000 Server.
    Funny, but I don't see 80% of the people posting in support of the crap posing as software coming out of Redmond.

    And you--you've got to be AC to admit to using that shit, don't you?

    --
    Notes From Under *nix: blas.phemo.us
  5. Re:Whew! by friedmud · · Score: 3, Interesting

    Please don't take this as trolling....

    But have you seen KDE's print menu/system?? It works directly with cups and is actually easier to use than even MS's printer installer.

    KDE 3.1 improved things even more, and now the whole system is very sweet. Give it a try.

    Derek