iDEFENSE Security Advisory 12.19.02:
Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
December 19, 2002
Easy Software Products' Common Unix Printing System (CUPS) is a
cross-platform printing solution for Unix environments. It is based on the
"Internet Printing Protocol," and provides complete printing services to
most PostScript and raster printers. CUPS has a web-based graphical
interface for printer management and is available on most Linux systems.
More information is available at http://www.cups.org
The following major vendors are known to distribute CUPS by default; in
some cases, it is the default printing implementation used as well:
Apple Computer Inc.
Red Hat Inc.
Slackware Linux Inc.
The SCO Group
Exploitation of multiple CUPS vulnerabilities allow local and remote
attackers in the worst of the scenarios to gain root privileges. The
following test platforms were used for various parts of this advisory:
 - Red Hat Linux 7.0 running CUPS-1.1.14-5 (RPM)
 - Red Hat Linux 7.3 running CUPS-1.1.14-15 (RPM)
 - Red Hat Linux 7.3 running CUPS-1.1.17 (Source Install)