[GRLUG] CVE-2014-6271

Adam Tauno Williams awilliam at whitemice.org
Thu Sep 25 13:56:08 EDT 2014

On Thu, 2014-09-25 at 13:05 -0400, Michael Mol wrote: 
> Oh, and from the same link:
> CUPS - It is believed that CUPS is affected by this issue. Various
> user supplied values are stored in environment variables when cups
> filters are executed.

Agree, that one is ugly.  

I'm not a fan of using environment variables for IPC - but CUPS does
exactly that.  I have seen the same kind of approach used for
sub-process kinds of stuff as well - this exploit certainly effects
those use cases.

Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

More information about the grlug mailing list