Mandrake has recently released a security advisory against CUPS
raising two issues:
1. CUPS sends broadcast packets, which can keep dial-on-demand lines
up and otherwise irritate network administrators.
2. CUPS has a rather vague problem to the effect of "everyone on the
Internet can get to your printers".
The first problem is not a problem either in Debian's potato (2.2) or
woody (unstable). Our cupsys packages are shipped with browsing
turned off by default.
The second problem has to do with CUPS's configuration. CUPS does
access control in a similar way to Apache, and is configured by
default in a similar way to Apache. This isn't terribly appropriate
in the case of allowing people to attach to printers. Administrative
tasks still aren't allowed, but Internet users could (for example) run
all the paper out of your printer. Debian as shipped in potato and
woody is vulnerable to this latter problem.
The fix is simply to configure access control to reflect your real
wishes, which is...
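
As an added illustration (not part of the advisory, and not Debian's or the CUPS project's code), the following Python sketch audits a cupsd.conf for Location blocks that a host outside your network could reach. It assumes Apache-style evaluation of the Order, Allow and Deny directives, treats a block with no Order line as open so that it gets reviewed, and only understands "All", single addresses and CIDR networks; the sample configuration and all function names are constructed for the example.

```python
import ipaddress
import re
# Constructed sample (not from the advisory): "/" is open, "/admin" is local-only.
SAMPLE_CONF = """\
<Location />
Order Deny,Allow
Allow From All
</Location>
<Location /admin>
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
"""

def parse_locations(text):
    locations, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        opened = re.match(r"<Location\s+(\S+)>$", line, re.I)
        if opened:
            current = locations[opened.group(1)] = {"order": None, "allow": [], "deny": []}
        elif line.lower() == "</location>":
            current = None
        elif current is not None and line:
            words = line.lower().split()
            if len(words) > 1 and words[0] == "order":
                current["order"] = words[1]
            elif len(words) > 1 and words[0] in ("allow", "deny"):
                current[words[0]].append(words[-1])  # skips the optional "From"
    return locations

def _matches(client, patterns):
    ip = ipaddress.ip_address(client)
    for pattern in patterns:
        try:
            if pattern == "all" or ip in ipaddress.ip_network(pattern, strict=False):
                return True
        except ValueError:  # hostnames, wildcards, @LOCAL: not modelled here
            pass
    return False

def is_permitted(loc, client):  # Apache-style two-pass check (assumption)
    allowed, denied = _matches(client, loc["allow"]), _matches(client, loc["deny"])
    if loc["order"] == "allow,deny":  # default deny, Deny lines win
        return allowed and not denied
    return allowed or not denied  # Deny,Allow or no Order line: default allow

def open_locations(text, outside="203.0.113.10"):  # documentation-range address
    return sorted(p for p, loc in parse_locations(text).items() if is_permitted(loc, outside))
```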