Slashdot Mirror

← Back to Stories (view on slashdot.org)

CUPS Security Vulnerabilities

Posted by CowboyNeal on from the leaving-the-door-open dept.

Buck Naked writes "A slew of vulnerabilities was discovered in CUPS, from the advisory: 'Exploitation of multiple CUPS vulnerabilities allow local and remote attackers in the worst of the scenarios to gain root privileges...' The full advisory can be found at iDEFENSE."

9 of 155 comments (clear)

  1. First Post. by bobdole34 · · Score: -1, Troll

    W00t
    all your post are belong to bobdole.

    --
    "Failure of Windows operating systems is extremely rare. If it happens, it is usually due to operating system file c
  2. Secure? You wish. by Anonymous Coward · · Score: -1, Troll

    I guess this just goes to show why people don't want to move to open source software. Not only is it difficult to use, it's just as buggy as all other code out there.

  3. ANOTHER FREEBSD SPLOIT? by Anonymous Coward · · Score: -1, Troll

    Could it be?!?

    Down with the DEVIL!

  4. Re:MY 100th post!!! by Anonymous Coward · · Score: -1, Troll

    hey trotski, your ideology is dead. People don't want communism. go to hell.

  5. Re:Lets see ... by Anonymous Coward · · Score: -1, Troll

    I wish your computer would explode and that you would be impaled by the monitor shrapnel, and suffer a slow painful death. (and consequently, never post to Slashdot again)

  6. Re:CUPS is still the best solution by Anonymous Coward · · Score: -1, Troll

    "Looks like about 24 hours to me. iDEFENSE didn't inform the developer until the twelfth. He had a preliminary patch on the SAME DAY and an updated patch the following day."

    Wow nice spin but still the problem exsisted for longer than the 24 hours you cited. CUPS is arguably the most modern and essential UNIX broadly used service to come about in a while. What happened to the many eyes tennant of opensource? From the users one would hope, says the model. Were they just not interested and so a paid group did the looking for them?

    "iDEFENSE sat on it for a month, not the developer."

    The whole opensource community let it sit for much longer because it seems even with source no one else found it and reported it. Lots of free source but where is the auditing? What if iDEFENSE "sat" on it longer, then what?

    The freedom to use and tweak seems to carry with it a practicle responsibility to do just that and more importantly a moral responsibility to share your findings with the users of the softwares community.

    pm

  7. Bugs not found by accident by Rat+Tank · · Score: 0, Troll

    So these dangerous exploits were found by a source code review (as opposed to a script kiddy striking it lucky), which was only possible due to the open source nature of CUPS. Now that this advisory has taught hackers how to compromise a great many lunix machines, isn't it worth considering that CUPs would have been so much more secure had it been a closed source project? It's simple logic that only the most blatant troll could disagree with; source closed --> exploits never found --> hackers can't exploit CUPs.

  8. IN NAZI GERMANY... by Anonymous Coward · · Score: -1, Troll

    you could be shot for being old!

  9. Where is Linux-Mandrake??? by MsGeek · · Score: 1, Troll
    OK mes amis...I'm waiting for the official security update, and it ain't here yet! C'mon! Get on the stick, man! Debian, Red Hat and Apple have the update NOW, why do we have to fsckn wait???

    I am seriously looking at paying my money and getting the newest version of Libranet. I am enjoying Mandrake 9 now but am getting very tired of waiting for packages getting onto urpmi. It took Linux-Mandrake two weeks to fix Samba, and that was a pretty important update.

    --
    Knowledge is power. Knowledge shared is power multiplied.