Solved

cups-lpd/cups security vulnerability (chkconfig --list | grep cups ==> equivalent to lpd in Solaris/HPUX?)

Posted on 2008-10-14
Last Modified: 2012-05-05
CUPS security vulnerability - how to determine if Unix servers are affected

Question: Hi,

1)
I received the following security note from our security team.  Appreciate if someone
can give me the specific command to determine if I'm affected.  Is it 'cups' or
'cups-lpd' that this vulnerability (see below) is referring to?
In Linux, "chkconfig --list | grep -i cups" listed 2 services:
cups-lpd  &  cups

2)
What TCP/UDP port do cups & cups-lpd use?

3)
Is this vulnerability applicable to Solaris & HP-UX's   lp or print services?

4)
I suppose to disable them, it's just
"chkconfig cups off" &
"chkconfig cups-lpd off"
If the Linux box is rebooted, will this continue to be
disabled or will it revert back to "on" again?


Security notification I received is as follows :

[Summary]
Some vulnerabilities have been reported in CUPS (Common UNIX Printing System), which potentially can be exploited by malicious people to execute arbitrary code on the target system.

1) Two boundary errors exist in the implementation of the HP-GL/2 filter. These can be exploited to cause buffer overflows via HP-GL/2 files containing overly large pen numbers.

2) A boundary error exists within the "read_rle16()" function when processing SGI (Silicon Graphics Image) files. This can be exploited to cause a heap-based buffer overflow via a specially crafted SGI file.

3) An integer overflow error exists within the "WriteProlog()" function included in the "texttops" utility. This can be exploited to cause a heap-based buffer overflow via a specially crafted file.

[Solution/Workaround]
Update to version 1.3.9.

[Affected System]
Operating Systems running CUPS version prior to 1.3.9.

[Reference]
http://cups.org/articles.php?L575
http://www.cups.org/str.php?L2911
http://www.cups.org/str.php?L2918
http://www.cups.org/str.php?L2919
http://secunia.com/advisories/32226/
Question by:sunhux
5 Comments
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 600 total points
ID: 22716288
> .. command to determine if I'm affected ..
  su root -c "ps ax"|grep -i cups
  su root -c "ps -el"|grep -i cups
  su root -c 'grep -i cups /etc/{x,}inetd.conf /etc/xinetd.d/*'
if any of the commands reports something you're probably affected.

2) cups does not use a specific port usually, may be 631
4) this will disable cups after reboot (if your system supports chkconfig)
0
 
LVL 3

Assisted Solution

by:ckhsu1977
ckhsu1977 earned 80 total points
ID: 22716336
what version of cups does the system have?
0
 
LVL 62

Accepted Solution

by:
gheist earned 1320 total points
ID: 22726738
1) who cares - automatic scanners do fail
2) as a client or as a server? basically 631 for management webserver and IPP and anything that's used by LPD and Samba if they are in use
3) No. But they have their own vulnerabilities.
4) do /etc/init.d/cups stop
and see which of the other services launches CUPS. I suspect Samba

To fix:
You should list packages
rpm -q cups

And update them via normal means:
yum update
or
zypper up
or something like that (depends on system)

If you had CUPS 1.2.x then config files changed from to XML and you should redo all configuration.

Workarounds & other thoughts:
1) HP-GL2 filter is used for HP plotters, so you are vulnerable if you have one (in this case I assume you already use Windows driver that produces HP-GL2 and cups filtering is not used, so you can use nothing for plotter filter)
2) Actually SGI RLE compressed bitmaps are produced only by IRIX (and by malicious users)
3) You can use a2ps (very old tool) to replace texttops, if you actually do print text files like from Windows with Generic/Text driver

0
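The version and service checks discussed in this thread, combined as an added example (not code posted by any participant): it compares the upstream version in `rpm -q cups` output against the fixed release 1.3.9 from the advisory and parses `chkconfig --list` output, including the xinetd section where cups-lpd appears. The function names and the sample package and service listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.
FIXED="1.3.9"   # fixed release named in the advisory quoted in the question

# upstream_version "cups-1.3.7-8.el5" prints 1.3.7 (drops name and release).
upstream_version() {
    v=${1#cups-}
    printf '%s\n' "${v%%-*}"
}

# version_lt A B: succeeds only if dotted version A is older than B.
version_lt() {
    if [ "$1" = "$2" ]; then return 1; fi
    oldest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t . -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# enabled_services: reads `chkconfig --list` text on stdin and prints each
# cups* service that is on, in either the SysV runlevel form ("2:on") or the
# xinetd form ("cups-lpd:  on").
enabled_services() {
    awk '$1 ~ /^cups/ {
        name = $1; sub(/:$/, "", name)
        for (i = 2; i <= NF; i++)
            if ($i == "on" || $i ~ /:on$/) { print name; break }
    }'
}

# assess RPM_NAME CHKCONFIG_TEXT: prints a one-line verdict.
assess() {
    ver=$(upstream_version "$1")
    svcs=$(printf '%s\n' "$2" | enabled_services | paste -s -d ' ' -)
    if ! version_lt "$ver" "$FIXED"; then
        echo "ok: cups $ver is at or above $FIXED"
    elif [ -n "$svcs" ]; then
        echo "review: cups $ver < $FIXED, enabled: $svcs"
    else
        echo "review-low: cups $ver < $FIXED, no cups service enabled"
    fi
}

# Constructed sample of `rpm -q cups` and `chkconfig --list` output.
SAMPLE_RPM='cups-1.3.7-8.el5'
SAMPLE_CHKCONFIG='cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd based services:
        cups-lpd:       off'

assess "$SAMPLE_RPM" "$SAMPLE_CHKCONFIG"
# On a live host: assess "$(rpm -q cups)" "$(chkconfig --list)"
```

Vendor packages often carry backported fixes under an older upstream version number, so a "review" verdict is a prompt to check the distribution's advisory for that package release rather than proof that the host is vulnerable.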
 

Author Comment

by:sunhux
ID: 22756506
Thanks, I found it's only our Linux boxes have them enabled
(chkconfig --list | grep -i cup) while the Solaris & HP-UX don't.

Since we don't need cups, I've done "chkconfig --level 012345 cups... off"
0
 
LVL 62

Expert Comment

by:gheist
ID: 22757608
You can uninstall cups afterwards. Or update. Or at least look into updating packages. And examine startup packages - I don't think you need numlock and acon running for instance...
HP-UX and Solaris do not use cups, they use their own LPD that can be complemented with extra drivers and IPP support by adding CUPS.
0
