Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 19 Dec 2002 20:06:00 -0800
From:      "Derrick Ryalls" <ryallsd@datasphereweb.com>
To:        <questions@FreeBSD.ORG>
Subject:   RE: Cups vulnerability (ala Slashdot)
Message-ID:  <000001c2a7dd$1e2b9960$0200a8c0@bartxp>
In-Reply-To: <Pine.GSO.4.44L0.0212192100360.17108-100000@shell.core.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help


> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG=20
> [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Steven Lake
> Sent: Thursday, December 19, 2002 7:03 PM
> To: questions@FreeBSD.ORG
> Subject: Cups vulnerability (ala Slashdot)
>=20
>=20
> 	Hi all.  Just checking in with the experts.  Read about=20
> this potential root exploit vulnerability on slashdot about=20
> the CUPS printing system in unix and wanted to see if it was=20
> anything to worry about or no.
>=20
> Here's the advisory:  http://www.idefense.com/advisory/12.19.02.txt
>=20
> 	Just being sure that it won't affect me.  If I have=20
> samba setup to do print serving, would this affect me?
>=20

don't know if you would be affected, but this is what I would have
listed in /etc/hosts.allow:

cupsd : localhost 127.0.0.1 : allow
cupsd : 192.168. : allow
cupsd : 10. : allow
cupsd : all : deny

This allows localhost and all internal ips to use it, but nothing else.
You can lock it down even tighter, but this gives you the general idea.

>=20
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>=20



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?000001c2a7dd$1e2b9960$0200a8c0>