mailing list archives
Re: Vulnerabilities in Oki CUPS printer drivers
From: Guido Berhoerster <guido+openwall.com () berhoerster name>
Date: Wed, 14 Nov 2012 19:11:12 +0100
* Kurt Seifried <kseifried () redhat com> [2012-11-14 18:42]:
-----BEGIN PGP SIGNED MESSAGE-----
On 09/18/2012 02:21 AM, Guido Berhoerster wrote:
Vulnerabilities in Oki CUPS printer drivers
The following describes a security vulnerability in several Oki
CUPS drivers. While I'm not aware that these drivers are packaged
in any ditribution, they are free software (licensed under the GPL
v2 or later) and made available via the Oki website and their FTP
server so I hope this is on topic here.
Apologies for the delay on this, the files are no longer available on
the Oki ftpsite, so I assume the vendor "fixed" this by removing them?
I managed to dig up some copies of the file through google but they
don't contain the okijobaccounting script or the
rastertookimonochrome. So I can't confirm this (can anyone other than
the original reporter? (e.g. iSIGHT or iDefense? I'm pretty sure you
guys cover Oki as a vendor =).
AFAICS all drivers have been replaced now, the new filter scripts
seem to use /bin/mktemp and $TMPDIR which is set by CUPS.
I have the vulnerable driver versions archieved and can make them
available on request.