[cups.bugs] [LOW] STR #2779: cupsaddsmb leaves root password in cleartext on harddisk

Lars Olsson larso_64 at hotmail.com
Mon Mar 31 10:20:24 PDT 2008


DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

I am an OpenBSD-user (at home) and recently intstalled smb-support for cups
(so cups exports the printer to samba). 

When running cupsaddsmb in debug-mode I noticed that it started rpcclient
in a mode that requested login and password from a file on a local disk!

This must be mentioned in man (8) cupsaddsmb as a real security threat! 

There are two solutions - either ask for password again or advice the user
to change root password to an easy one with both passwd and smbpasswd
before running cupsaddsmb. Afterwards users can change it back to the
normal complex one.

Link: http://www.cups.org/str.php?L2779
Version: 1.2.7





More information about the cups-devel mailing list