iDEFENSE Security Advisory 12.19.02:
Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
December 19, 2002


Easy Software Products' Common Unix Printing System (CUPS) is a
cross-platform printing solution for Unix environments. It is based on the
"Internet Printing Protocol," and provides complete printing services to
most PostScript and raster printers. CUPS has a web-based graphical
interface for printer management and is available on most Linux systems.
More information is available at .

The following major vendors are known to distribute CUPS by default; in
some cases, it is also the default printing implementation:

Apple Computer Inc.
Debian Project
FreeBSD Project
MandrakeSoft Inc.
NetBSD Foundation
Red Hat Inc.
Slackware Linux Inc.
SuSE Inc.
The SCO Group
Turbolinux Inc.


Exploitation of multiple CUPS vulnerabilities allows local and remote
attackers, in the worst case, to gain root privileges. The
following test platforms were used for various parts of this advisory:

[1] - Red Hat Linux 7.0 running CUPS-1.1.14-5 (RPM)
[2] - Red Hat Linux 7.3 running CUPS-1.1.14-15 (RPM)
[3] - Red Hat Linux 7.3 running CUPS-1.1.17 (Source Install)