Gentoo Logo

CUPS: Leakage of sensitive information


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200410-06 / cups
Release Date October 09, 2004
Latest Revision October 09, 2004: 01
Impact normal
Exploitable local
Package Vulnerable versions Unaffected versions Architecture(s)
net-print/cups <= 1.1.20-r2, = 1.1.21 revision >= 1.1.20-r3, >= 1.1.21-r1 All supported architectures

Related bugreports: #66501


CUPS leaks information about user names and passwords when using remote printing to SMB-shared printers which require authentication.

2.  Impact Information


The Common UNIX Printing System (CUPS) is a cross-platform print spooler.


When printing to a SMB-shared printer requiring authentication, CUPS leaks the user name and password to a logfile.


A local user could gain knowledge of sensitive authentication data.

3.  Resolution Information


There is no known workaround at this time.


All CUPS users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge sync
# emerge -pv ">=net-print/cups-1.1.20-r3"
# emerge ">=net-print/cups-1.1.20-r3"

4.  References


Page updated October 09, 2004

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.