GLSA Bodhisattva
Joined: 13 Jun 2003 Posts: 4087 Location: Dresden, Germany
|
Posted: Sat Oct 09, 2004 6:29 pm Post subject: [ GLSA 200410-06 ] CUPS: Leakage of sensitive information |
|
|
Gentoo Linux Security Advisory
Title: CUPS: Leakage of sensitive information (GLSA 200410-06)
Severity: normal
Exploitable: local
Date: October 09, 2004
Bug(s): #66501
ID: 200410-06
Synopsis
CUPS leaks information about user names and passwords when using remote printing to SMB-shared printers which require authentication.
Background
The Common UNIX Printing System (CUPS) is a cross-platform print spooler.
Affected Packages
Package: net-print/cups
Vulnerable: <= 1.1.20-r2
Vulnerable: = 1.1.21
Unaffected: >= 1.1.20-r3 < 1.1.21
Unaffected: >= 1.1.21-r1
Architectures: All supported architectures
Description
When printing to a SMB-shared printer requiring authentication, CUPS leaks the user name and password to a logfile.
Impact
A local user could gain knowledge of sensitive authentication data.
Workaround
There is no known workaround at this time.
Resolution
All CUPS users should upgrade to the latest version: Code: | # emerge sync
# emerge -pv ">=net-print/cups-1.1.20-r3"
# emerge ">=net-print/cups-1.1.20-r3" |
References
CAN-2004-0923
Last edited by GLSA on Sun May 07, 2006 4:52 pm; edited 1 time in total |
|