Solved

cups-lpd/cups security vulnerability (chkconfig --list | grep cups ==> equivalent to lpd in Solaris/HPUX?)

Posted on 2008-10-14
Last Modified: 2012-05-05
CUPS security vulnerability - how to determine if Unix servers are affected

Question: Hi,

1)
I received the following security note from our security team.  Appreciate if someone
can give me the specific command to determine if I'm affected.  Is it 'cups' or
'cups-lpd' that this vulnerability (see below) is referring to?
In Linux  "chkconfig --list | grep -i cups"   listed 2 services :
cups-lpd  &  cups

2)
what's the Tcp/Udp port cups & cups-lpd uses?

3)
Is this vulnerability applicable to Solaris & HP-UX's   lp or print services?

4)
I suppose to disable them, it's just
"chkconfig cups off" &
"chkconfig cups-lpd off"
If the Linux box is rebooted, will this continue to be
disabled or will it revert back to "on" again?


Security notification I received is as follows :

[Summary]
Some vulnerabilities have been reported in CUPS (Common UNIX Printing System), which potentially can be exploited by malicious people to execute arbitrary code on the target system.

1) Two boundary errors exist in the implementation of the HP-GL/2 filter. These can be exploited to cause buffer overflows via HP-GL/2 files containing overly large pen numbers.

2) A boundary error exists within the "read_rle16()" function when processing SGI (Silicon Graphics Image) files. This can be exploited to cause a heap-based buffer overflow via a specially crafted SGI file.

3) An integer overflow error exists within the "WriteProlog()" function included in the "texttops" utility. This can be exploited to cause a heap-based buffer overflow via a specially crafted file.

[Solution/Workaround]
Update to version 1.3.9.

[Affected System]
Operating Systems running CUPS version prior to 1.3.9.

[Reference]
http://cups.org/articles.php?L575
http://www.cups.org/str.php?L2911
http://www.cups.org/str.php?L2918
http://www.cups.org/str.php?L2919
http://secunia.com/advisories/32226/
Question by:sunhux
5 Comments
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 600 total points
ID: 22716288
> .. command to determine if I'm affected ..
  su root -c "ps ax"|grep -i '[c]ups'
  su root -c "ps -el"|grep -i '[c]ups'
  su root -c 'grep -i cups /etc/{x,}inetd.conf /etc/xinetd.d/*'
if any of the commands reports something you're probably affected.

2) cups does not use a specific port usually, may be 631
4) this will disable cups after reboot (if your system supports chkconfig)
0
 
LVL 3

Assisted Solution

by:ckhsu1977
ckhsu1977 earned 80 total points
ID: 22716336
what version of cups does the system have?
0
 
LVL 62

Accepted Solution

by:
gheist earned 1320 total points
ID: 22726738
1) who cares - automatic scanners do fail
2) as a client or as a server? basically 631 for management webserver and IPP and anything that's used by LPD and Samba if they are in use
3) No. But they have their own vulnerabilities.
4) do /etc/init.d/cups stop
and see which of other services launches CUPS. I suspect Samba

To fix:
You should list packages
rpm -q cups

And update them via normal means:
yum update
or
zypper up
or something like that (depends on system)

If you had CUPS 1.2.x then config files changed from to XML and you should redo all configuration.

Workarounds & other thoughts:
1) HP-GL2 filter is used for HP plotters, so you are vulnerable if you have one (in this case I assume you already use Windows driver that produces HP-GL2 and cups filtering is not used, so you can use nothing for plotter filter)
2) Actually SGI RLE compressed bitmaps are produced only by IRIX (and by malicious users)
3) You can use a2ps (very old tool) to replace texttops, if you actually do print text files like from Windows with Generic/Text driver

0
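The checks suggested in this thread (`rpm -q cups` against the fixed release 1.3.9 from the notification, and the `chkconfig --list` state), as an added example that is not part of any poster's answer. The package names and the chkconfig excerpt are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.
FIXED="1.3.9"   # fixed release named in the security notification

# Upstream version from an `rpm -q cups` line, e.g. cups-1.3.7-8.el5 -> 1.3.7
cups_upstream_version() {
    printf '%s\n' "$1" | sed -n 's/^cups-\([0-9][0-9.]*\)-.*$/\1/p'
}

# True (0) when dotted version $1 is numerically lower than $2.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Classify one line of `rpm -q cups` output.
classify_cups() {
    case "$1" in *"is not installed"*) echo "not-installed"; return 0 ;; esac
    v=$(cups_upstream_version "$1")
    if [ -z "$v" ]; then echo "unknown"
    elif version_lt "$v" "$FIXED"; then echo "older-than-$FIXED"
    else echo "fixed-upstream"
    fi
}

# Read `chkconfig --list` on stdin; print cups entries that are still "on".
# Handles SysV lines (2:on ...) and the xinetd section (cups-lpd: on).
cups_enabled() {
    awk '$1 ~ /^cups/ {
        name = $1; sub(/:$/, "", name); on = ""
        for (i = 2; i <= NF; i++)
            if ($i == "on" || $i ~ /:on$/)
                on = on (on == "" ? "" : ",") $i
        if (on != "") print name, on
    }'
}

# Constructed `chkconfig --list` excerpt for the demo.
sample_chkconfig() {
    printf '%s\n' \
        'cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off' \
        'sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off' \
        'xinetd based services:' \
        '        cups-lpd:       on'
}

classify_cups "cups-1.3.7-8.el5"      # constructed package name
sample_chkconfig | cups_enabled
```

On a live host, feed it real output: `classify_cups "$(rpm -q cups)"` and `chkconfig --list | cups_enabled`. An `older-than-1.3.9` result is a prompt to check the vendor's errata, since distribution packages can carry backported fixes under an older upstream version number.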
 

Author Comment

by:sunhux
ID: 22756506
Thanks, I found it's only our Linux boxes that have them enabled
(chkconfig --list | grep -i cup) while the Solaris & HP-UX don't.

Since we don't need cups, I've done "chkconfig --level 012345 cups... off"
0
 
LVL 62

Expert Comment

by:gheist
ID: 22757608
You can uninstall cups afterwards. Or update. Or at least look into updating packages. And examine startup packages - I don't think you need numlock and acon running for instance...
 HP-UX and Solaris do not use cups, they use their own LPD that can be complemented with extra drivers and IPP support by adding CUPS.
0
