Joined: 13 Jun 2003
Location: Barcelona, Spain
|Posted: Sat Oct 09, 2004 6:29 pm Post subject: [ GLSA 200410-06 ] CUPS: Leakage of sensitive information
|Gentoo Linux Security Advisory
Title: CUPS: Leakage of sensitive information (GLSA 200410-06)
Date: October 09, 2004
CUPS leaks information about user names and passwords when using remote printing to SMB-shared printers which require authentication.
The Common UNIX Printing System (CUPS) is a cross-platform print spooler.
Vulnerable: <= 1.1.20-r2
Vulnerable: = 1.1.21
Unaffected: >= 1.1.20-r3 < 1.1.21
Unaffected: >= 1.1.21-r1
Architectures: All supported architectures
When printing to a SMB-shared printer requiring authentication, CUPS leaks the user name and password to a logfile.
A local user could gain knowledge of sensitive authentication data.
There is no known workaround at this time.
All CUPS users should upgrade to the latest version:
|# emerge sync
# emerge -pv ">=net-print/cups-1.1.20-r3"
# emerge ">=net-print/cups-1.1.20-r3"
Last edited by GLSA on Sun May 07, 2006 4:52 pm; edited 1 time in total