[GRLUG] CVE-2014-6271
Adam Tauno Williams
awilliam at whitemice.org
Thu Sep 25 13:56:08 EDT 2014
On Thu, 2014-09-25 at 13:05 -0400, Michael Mol wrote:
> Oh, and from the same link:
> CUPS - It is believed that CUPS is affected by this issue. Various
> user supplied values are stored in environment variables when cups
> filters are executed.
Agree, that one is ugly.
I'm not a fan of using environment variables for IPC - but CUPS does
exactly that. I have seen the same kind of approach used for
sub-process kinds of stuff as well - this exploit certainly effects
those use cases.
--
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
More information about the grlug
mailing list