When an SMB printer is configured, CUPS stores plain text login information to the log file.
CUPS is a cross-platform printing system for UNIX environments. It can use the IPP, LPD, SMB, and JetDirect protocols to interact with printers. The SMB protocol is used to communicate with printers that are shared via Microsoft Windows or other SMB-compatible software such as Samba. When an SMB printer is added or modified, the connection string for the printer is written to the log file in plain text. This connection string will contain a username and password if authentication is required for the printer.
A local authenticated user may be able to retrieve the usernames and passwords for other accounts.
Apply a patch from your vendor
For vendor-specific information regarding vulnerable status and patch availability, please see the Systems Affected section of this document.
Hitachi Not Affected
NETBSD Not Affected
Cray Inc. Unknown
EMC Corporation Unknown
F5 Networks Unknown
Hewlett-Packard Company Unknown
IBM eServer Unknown
Ingrian Networks Unknown
Juniper Networks Unknown
MontaVista Software Unknown
NEC Corporation Unknown
Openwall GNU/*/Linux Unknown
Red Hat Inc. Unknown
Sony Corporation Unknown
SuSE Inc. Unknown
Sun Microsystems Inc. Unknown
Wind River Systems Inc. Unknown
Thanks to Gary Smith for reporting this vulnerability.
This document was written by Will Dormann.
|Date First Published:||2004-11-19|
|Date Last Updated:||2004-12-17 19:05 UTC|