Home page logo

oss-sec logo oss-sec mailing list archives

Re: Privilege escalation (lpadmin -> root) in cups
From: Yves-Alexis Perez <corsac () debian org>
Date: Sun, 11 Nov 2012 20:29:41 +0100

On sam., 2012-11-10 at 14:01 +0100, Yves-Alexis Perez wrote:
On sam., 2012-11-10 at 13:49 +0100, Yves-Alexis Perez wrote:

a Debian user reported a bug in our BTS concerning cupsd. The bug is
available at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791 and
upstream bug at http://www.cups.org/str.php?L4223 (restricted because
it's tagged security).

By the way, it seems that the CUPS security contact at
http://oss-security.openwall.org/wiki/software#cups doesn't work, I just
received a bounce. Does someone know a mail address to reach them?

Followup on that:

I had the information by the person reporting the bug #4223. He had an
answer there that the security contact for Apple was security () apple com
and the one for CUPS was security () cups org (which was notified because
the bug was tagged security).

I've edited the wiki to correct the information there.


Attachment: signature.asc
Description: This is a digitally signed message part

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]