USN-185-1: CUPS vulnerability

20 September 2005

cupsys vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

A flaw was detected in the printer access control list checking in the CUPS server. Printer names were compared in a case sensitive manner; by modifying the capitalization of printer names, a remote attacker could circumvent ACLs and print to printers he should not have access to.

The Ubuntu 5.04 version of cupsys is not vulnerable against this.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
cupsys

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References