cups-lpd/cups security vulnerability (chkconfig --list | grep cups ==> equivalent to lpd in Solaris/HPUX?)

Posted on 2008-10-14
Last Modified: 2012-05-05
CUPS security vulnerability - how to determine if Unix servers are affected

Question: Hi,

I received the following security note from our security team.  Appreciate if someone
can give me the specific command to determine if I'm affected.  Is it 'cups' or
'cups-lpd' that this vulnerability (see below) is referring to?
In Linux  "chkconfig --list | grep -i cups"   listed 2 services :
cups-lpd  &  cups

What's the TCP/UDP port that cups & cups-lpd use?

Is this vulnerability applicable to Solaris & HP-UX's   lp or print services?

I suppose to disable them, it's just
"chkconfig cups off" &
"chkconfig cups-lpd off"
If the Linux box is rebooted, will this continue to be
disabled or will it revert back to "on" again?

Security notification I received is as follows :

Some vulnerabilities have been reported in CUPS (Common UNIX Printing System), which potentially can be exploited by malicious people to execute arbitrary code on the target system.

1) Two boundary errors exist in the implementation of the HP-GL/2 filter. These can be exploited to cause buffer overflows via HP-GL/2 files containing overly large pen numbers.

2) A boundary error exists within the "read_rle16()" function when processing SGI (Silicon Graphics Image) files. This can be exploited to cause a heap-based buffer overflow via a specially crafted SGI file.

3) An integer overflow error exists within the "WriteProlog()" function included in the "texttops" utility. This can be exploited to cause a heap-based buffer overflow via a specially crafted file.

Update to version 1.3.9.

[Affected System]
Operating Systems running CUPS version prior to 1.3.9.

Question by:sunhux

Assisted Solution

ahoffmann earned 150 total points
ID: 22716288
> .. command to determine if I'm affected ..
  su root -c "ps ax"|grep -i '[c]ups'
  su root -c "ps -el"|grep -i '[c]ups'
  su root -c 'grep -i cups /etc/{x,}inetd.conf /etc/xinetd.d/*'
If any of the commands reports something, you're probably affected.

2) cups does not use a specific port usually, may be 631
4) this will disable cups after reboot (if your system supports chkconfig)

Assisted Solution

ckhsu1977 earned 20 total points
ID: 22716336
what version of cups does the system have?

Accepted Solution

gheist earned 330 total points
ID: 22726738
1) who cares - automatic scanners do fail
2) as a client or as a server? basically 631 for management webserver and IPP and anything that's used by LPD and Samba if they are in use
3) No. But they have their own vulnerabilities.
4) do /etc/init.d/cups stop
and see which of other services launches CUPS. I suspect Samba

To fix:
You should list packages
rpm -q cups

And update them via normal means:
yum update
zypper up
or smth like that (depends on system)

If you had CUPS 1.2.x then config files changed from to XML and you should redo all configuration.

Workarounds & other thoughts:
1) HP-GL2 filter is used for HP plotters, so you are vulnerable if you have one (in this case I assume you already use Windows driver that produces HP-GL2 and cups filtering is not used, so you can use nothing for plotter filter)
2) Actually SGI RLE compressed bitmaps are produced only by IRIX (and by malicious users)
3) You can use a2ps (very old tool) to replace texttops, if you actually do print text files like from Windows with Generic/Text driver


Author Comment

ID: 22756506
Thanks, I found it's only our Linux boxes have them enabled
(chkconfig --list | grep -i cup) while the Solaris & HP-UX don't.

Since we don't need cups, I've done "chkconfig --level 012345 cups... off"

Expert Comment

ID: 22757608
You can uninstall cups afterwards. Or update. Or at least look into updating packages. And examine startup packages - I don't think you need numlock and acon running for instance...
HP-UX and Solaris do not use cups, they use their own LPD that can be complemented with extra drivers and IPP support by adding CUPS.
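
As an added example (not code from any of the posters above): a shell helper for the two checks discussed in this thread, comparing an installed CUPS version against the advisory's fixed release 1.3.9 and listing which cups services `chkconfig --list` reports as on. The function names, verdict strings and sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: CUPS triage for the advisory quoted in the question.
FIXED_VERSION="1.3.9"            # advisory: "Update to version 1.3.9"

# version_lt A B: succeed if dotted version A is lower than B.
version_lt() {
    a=${1%%-*}; b=${2%%-*}       # drop a package release suffix ("-11")
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}   # leading component of each version
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1                     # equal versions are not "lower"
}

# cups_services_on: read `chkconfig --list` text on stdin and print every
# cups* service that is on in any runlevel or on under xinetd.
cups_services_on() {
    awk 'tolower($1) ~ /^cups/ {
        name = $1; sub(/:$/, "", name)
        for (i = 2; i <= NF; i++)
            if ($i == "on" || $i ~ /:on$/) { print name; next }
    }'
}

# triage VERSION: chkconfig text on stdin, one verdict line on stdout.
triage() {
    on=$(cups_services_on | tr '\n' ' ')
    if ! version_lt "$1" "$FIXED_VERSION"; then echo "not affected"
    elif [ -n "$on" ]; then echo "affected, enabled: ${on% }"
    else echo "affected, disabled"
    fi
}

# Constructed sample input; on a live host the equivalent call is:
#   chkconfig --list | triage "$(rpm -q --qf '%{VERSION}' cups)"
SAMPLE_CHKCONFIG='cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

xinetd based services:
        cups-lpd:       off'
printf '%s\n' "$SAMPLE_CHKCONFIG" | triage "1.2.4-11"
```

Distribution packages often carry backported fixes under an older upstream version number, so an "affected" verdict is a prompt to check the vendor's advisory for the installed package release.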
