Date: Wed, 14 Nov 2012 19:11:12 +0100
From: Guido Berhoerster <guido+openwall.com@...hoerster.name>
To: oss-security@...ts.openwall.com
Subject: Re: Vulnerabilities in Oki CUPS printer drivers

* Kurt Seifried <kseifried@...hat.com> [2012-11-14 18:42]:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 09/18/2012 02:21 AM, Guido Berhoerster wrote:
> > 
> > Vulnerabilities in Oki CUPS printer drivers
> > 
> > The following describes a security vulnerability in several Oki 
> > CUPS drivers. While I'm not aware that these drivers are packaged 
> > in any distribution, they are free software (licensed under the GPL 
> > v2 or later) and made available via the Oki website and their FTP 
> > server so I hope this is on topic here.
> 
> Apologies for the delay on this, the files are no longer available on
> the Oki ftp site, so I assume the vendor "fixed" this by removing them?
> I managed to dig up some copies of the file through google but they
> don't contain the okijobaccounting script or the
> rastertookimonochrome. So I can't confirm this (can anyone other than
> the original reporter? (e.g. iSIGHT or iDefense? I'm pretty sure you
> guys cover Oki as a vendor =).
> 

AFAICS all drivers have been replaced now, the new filter scripts
seem to use /bin/mktemp and $TMPDIR which is set by CUPS.
I have the vulnerable driver versions archived and can make them
available on request.
-- 
Guido Berhoerster
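
The mktemp-under-$TMPDIR pattern mentioned in the reply above, sketched for a CUPS filter script as an added example; it is not part of the original message and not Oki's filter code. The function names and the "jobfilter" prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: temp-file handling for a CUPS filter script.
# Function names and the "jobfilter" prefix are hypothetical.

# Create a private scratch file. CUPS sets TMPDIR for filters; /tmp is only
# a fallback for running the script by hand.
make_job_tmp() {
    # mktemp chooses a random name and creates the file exclusively with
    # mode 0600, so an existing file or symlink at that path is never reused.
    mktemp "${TMPDIR:-/tmp}/jobfilter.XXXXXXXXXX"
}

# Spool the job to a file we own. A CUPS filter receives the input file as
# its sixth argument, or the job data on stdin when that argument is missing.
# Prints the path of the spooled copy; the caller removes it when done.
spool_job() {
    job_tmp=$(make_job_tmp) || return 1
    if [ -n "$1" ]; then
        cat -- "$1" > "$job_tmp"
    else
        cat > "$job_tmp"
    fi || { rm -f -- "$job_tmp"; return 1; }
    printf '%s\n' "$job_tmp"
}

# True when the path is a regular file, not a symlink, and carries no
# group or other permission bits.
is_private_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}
```

In a filter, `spool_job "$6"` would be followed by a `trap 'rm -f -- "$spooled"' EXIT` on the returned path so the copy is removed when the job ends.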
