Bug 450282 (CVE-2012-6094) - <net-print/cups-2.0.0: 'Listen localhost:631' option not honoured correctly on IPv6-enabled systems when systemd used for CUPS socket activation (CVE-2012-6094)
Summary: <net-print/cups-2.0.0: 'Listen localhost:631' option not honoured correctly o...
Status: RESOLVED FIXED
Alias: CVE-2012-6094
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-01-04 19:19 UTC by Agostino Sarubbo
Modified: 2016-11-23 13:32 UTC

Description Agostino Sarubbo gentoo-dev 2013-01-04 19:19:04 UTC
From $URL :

During the process of CUPS socket activation code refactoring in favour of systemd capability a 
security flaw was found in the way CUPS service honoured Listen localhost:631 cupsd.conf 
configuration option. The setting was recognized properly for IPv4-enabled systems, but failed to 
be correctly applied for IPv6-enabled systems. As a result, a remote attacker could use this flaw 
to obtain (unauthorized) access to the CUPS web-based administration interface.

References:
[1] https://bugzilla.novell.com/show_bug.cgi?id=795624
Comment 1 Sean Amoss gentoo-dev Security 2013-03-03 21:20:49 UTC
printing: Fedora's fix [1] was to drop the IP socket activation

[1] http://pkgs.fedoraproject.org/cgit/cups.git/commit/cups-systemd-socket.patch?id=6ef39188975c03f6132a98c8cad20ce80b3d95d9
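The mismatch in the description, and the state left by the fix in Comment 1, can be checked by comparing the listeners in cupsd.conf with those in the systemd socket unit. This is an added example, not code from the bug report or from CUPS. The function names and both unit texts are constructed for illustration; the unit actually shipped is not shown on this page.

```python
import ipaddress

def listener_scope(value):
    """Classify one cupsd.conf Listen or systemd ListenStream= value."""
    v = value.strip()
    if v.startswith(("/", "@")):
        return "unix"        # filesystem or abstract AF_UNIX socket
    if v.isdigit() or v.startswith("*:"):
        return "exposed"     # bare port or wildcard: every local address
    host = v.rsplit(":", 1)[0].strip("[]")
    if host.lower() == "localhost":
        return "loopback"
    try:
        return "loopback" if ipaddress.ip_address(host).is_loopback else "exposed"
    except ValueError:
        return "exposed"     # other hostname: assume reachable off-host

def directives(text, key):
    """Values of 'Key value' (cupsd.conf) or 'Key=value' (unit file) lines."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if len(parts) == 2 and parts[0].lower() == key.lower():
            found.append(parts[1].strip())
    return found

def widened_listeners(cupsd_conf, socket_unit):
    """ListenStream= entries that expose more than cupsd.conf asked for."""
    wanted = [listener_scope(v) for v in directives(cupsd_conf, "Listen")]
    if "exposed" in wanted or directives(cupsd_conf, "Port"):
        return []            # the admin requested network exposure already
    return [v for v in directives(socket_unit, "ListenStream")
            if listener_scope(v) == "exposed"]

# Constructed samples, not the files from any real package.
CUPSD_CONF = "Listen localhost:631\nListen /run/cups/cups.sock\n"
UNIT_WITH_PORT = "[Socket]\nListenStream=/run/cups/cups.sock\nListenStream=631\n"
UNIT_UNIX_ONLY = "[Socket]\nListenStream=/run/cups/cups.sock\n"

if __name__ == "__main__":
    for name, unit in (("with port", UNIT_WITH_PORT), ("unix only", UNIT_UNIX_ONLY)):
        print(name, "->", widened_listeners(CUPSD_CONF, unit) or "no widened listeners")
```

A bare port in `ListenStream=` makes systemd listen on every local address, which is why it is reported against a loopback-only cupsd.conf.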
Comment 2 Andreas K. Hüttel gentoo-dev 2013-06-06 15:13:59 UTC
@systemd: please help, because I don't really know what this is about
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2013-06-06 17:24:11 UTC
I don't understand it either. There's a problem with IPv6, so Fedora disabled IPv4? ;f
Comment 4 Andreas K. Hüttel gentoo-dev 2013-06-26 22:56:53 UTC
This is not a regression in 1.6
Comment 5 tman 2014-10-25 23:35:25 UTC
*** Bug 526860 has been marked as a duplicate of this bug. ***
Comment 6 tman 2014-10-25 23:40:40 UTC
This bug report is so old now, but I still get this error with

net-print/cups-2.0.0-r2 and systemd

so is there a solution in sight?
Comment 8 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-11-23 13:32:17 UTC
Package is now stable, but not vulnerable.  Leaving original whiteboard values in place.

GLSA Vote: No