On 4/16/07, Martin Pitt <[EMAIL PROTECTED]> wrote: > Please elaborate about this. By default, cupsd only listens on > localhost. Local users can do printing operations much easier.
cupsd listens on localhost but remote web pages can make the browser access it, , as in the example above. Note that the remote web server doesn't contact cupsd, the locally running web browser does, without user intervention. Even if you enable cupsd to listen on all ports, you probably don't want remote web pages to execute commands which require authentication, but AFAIK this attack can also work for this commands since the browser will send the credentials if they're cached. This can be considered a simple case of CSRF (http://en.wikipedia.org/wiki/Csrf). BTW, I'm not sure if the URL always contains the printer's model (as in my configuration) or some other simple name. To reproduce the bug you may have to browse first to localhost:631 and copy the URL for a command into the html code. (The remote attacker doesn't have to do this if he can guess the URL). -- [feisty] web vulnerability https://bugs.launchpad.net/bugs/106245 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
