Package: cups-pdf
Version: 2.4.2-1
Severity: critical
Justification: root security hole
Tags: security
Unprivileged user can execute /usr/lib/cups/backend/cups-pdf to read
parts of any file. End of file is printed by Ghostscript in error report.
Execution of this command as unprivileged user
On 2/2/07, Grzegorz Żur [EMAIL PROTECTED] wrote:
Package: cups-pdf
Version: 2.4.2-1
Severity: critical
Justification: root security hole
Tags: security
Unprivileged user can execute /usr/lib/cups/backend/cups-pdf to read
parts of any file. End of file is printed by Ghostscript in error report.
I am the CUPS-PDF developer. Though I am not using Debian I am quite
confused by this behaviour: CUPS-PDF is supposed to be mode 700 on CUPS
v1.2.x environments (so unprivileged users should not even be able to
execute it). Furthermore CUPS-PDF is explicitly not meant to be
installed SUID 'root'
Volker Christian Behr wrote:
I am the CUPS-PDF developer. Though I am not using Debian I am quite
confused by this behaviour: CUPS-PDF is supposed to be mode 700 on CUPS
v1.2.x environments (so unprivileged users should not even be able to
execute it). Furthermore CUPS-PDF is explicitly not
On 2/2/07, Volker Christian Behr [EMAIL PROTECTED] wrote:
Please check the permissions of the CUPS-PDF backend and GS - neither
should be SUID 'root' under any circumstances. CUPS-PDF should even more
be mode 700 executable by 'root' only. If this is not the case in the
default installation it
On 2/2/07, Volker Christian Behr [EMAIL PROTECTED] wrote:
On Fri, 2007-02-02 at 13:49 +0200, Martin-Éric Racine
wrote:
On 2/2/07, Volker Christian Behr [EMAIL PROTECTED] wrote:
Please check the permissions of the CUPS-PDF backend and GS - neither
should be SUID 'root'
On Fri, 2007-02-02 at 13:49 +0200, Martin-Éric Racine
wrote:
On 2/2/07, Volker Christian Behr [EMAIL PROTECTED] wrote:
Please check the permissions of the CUPS-PDF backend and GS - neither
should be SUID 'root' under any circumstances. CUPS-PDF should even more
be mode 700
On Fri, Feb 02, 2007 at 01:49:30PM +0200, Martin-Éric Racine
wrote:
On 2/2/07, Volker Christian Behr [EMAIL PROTECTED] wrote:
Please check the permissions of the CUPS-PDF backend and GS - neither
should be SUID 'root' under any circumstances. CUPS-PDF should even more
be