oss-sec mailing list archives
Re: Vulnerabilities in Oki CUPS printer drivers
From: Guido Berhoerster <guido+openwall.com () berhoerster name>
Date: Wed, 14 Nov 2012 19:11:12 +0100
* Kurt Seifried <kseifried () redhat com> [2012-11-14 18:42]:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 09/18/2012 02:21 AM, Guido Berhoerster wrote:
> > Vulnerabilities in Oki CUPS printer drivers
> >
> > The following describes a security vulnerability in several Oki CUPS drivers. While I'm not aware that these drivers are packaged in any distribution, they are free software (licensed under the GPL v2 or later) and made available via the Oki website and their FTP server so I hope this is on topic here.
>
> Apologies for the delay on this, the files are no longer available on the Oki ftp site, so I assume the vendor "fixed" this by removing them? I managed to dig up some copies of the file through google but they don't contain the okijobaccounting script or the rastertookimonochrome. So I can't confirm this (can anyone other than the original reporter? (e.g. iSIGHT or iDefense? I'm pretty sure you guys cover Oki as a vendor =).

AFAICS all drivers have been replaced now, the new filter scripts seem to use /bin/mktemp and $TMPDIR which is set by CUPS. I have the vulnerable driver versions archived and can make them available on request.

--
Guido Berhoerster