Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Vulnerabilities in Oki CUPS printer drivers
From: Guido Berhoerster <guido+openwall.com () berhoerster name>
Date: Wed, 14 Nov 2012 19:11:12 +0100

* Kurt Seifried <kseifried () redhat com> [2012-11-14 18:42]:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/18/2012 02:21 AM, Guido Berhoerster wrote:

Vulnerabilities in Oki CUPS printer drivers

The following describes a security vulnerability in several Oki 
CUPS drivers. While I'm not aware that these drivers are packaged 
in any ditribution, they are free software (licensed under the GPL 
v2 or later) and made available via the Oki website and their FTP 
server so I hope this is on topic here.

Apologies for the delay on this, the files are no longer available on
the Oki ftpsite, so I assume the vendor "fixed" this by removing them?
I managed to dig up some copies of the file through google but they
don't contain the okijobaccounting script or the
rastertookimonochrome. So I can't confirm this (can anyone other than
the original reporter? (e.g. iSIGHT or iDefense? I'm pretty sure you
guys cover Oki as a vendor =).


AFAICS all drivers have been replaced now, the new filter scripts
seem to use /bin/mktemp and $TMPDIR which is set by CUPS.
I have the vulnerable driver versions archieved and can make them
available on request.
-- 
Guido Berhoerster


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]