[feisty] CSRF allows test page printing
Bug #106245 reported by Amnon Aaronsohn
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
cupsys (Ubuntu) | Invalid | Low | Unassigned | |
Bug Description
Binary package hint: cupsys
I just found out cups is set up to listen to HTTP requests on port 631. Some commands require authentication but others don't, which I guess can be exploited. Take for example this HTML code:
<html>
<body>
Testing.
<img src="http://
</body>
</html>
If you have a printer with the given model, browsing to this page will make cups print a test page.
Of course, this code can be extended to include a list of multiple models, other operations, etc. Even operations which need authentication can be exploited if the username and password are cached.
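A server-side check that would refuse the kind of request described above, given as an added example; it is not part of the original report and not CUPS code. The trusted host list, the function names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: Host values under which the local web interface is legitimately reached.
TRUSTED_HOSTS = {"localhost:631", "127.0.0.1:631"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def request_source(headers):
    """Return 'same-origin', 'cross-origin' or 'unknown' from browser-set headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    fetch_site = h.get("sec-fetch-site")  # sent by current browsers, also for <img> loads
    if fetch_site:
        return "same-origin" if fetch_site in ("same-origin", "none") else "cross-origin"
    # Older browsers: fall back to Origin, then Referer.
    for name in ("origin", "referer"):
        value = h.get(name)
        if value:
            host = urlsplit(value).netloc.lower()  # "null" origin yields "" -> cross-origin
            return "same-origin" if host in TRUSTED_HOSTS else "cross-origin"
    return "unknown"

def decide(method, has_side_effect, headers):
    """Return (allowed, reason) for one request to the web interface."""
    if not has_side_effect:
        return True, "read-only"
    if method.upper() in SAFE_METHODS:
        # An <img src=...> can only issue GET, so this rule alone stops the reported case.
        return False, "side effect requested with a safe method"
    source = request_source(headers)
    if source != "same-origin":
        # Cached credentials do not help here: the browser attaches them either way.
        return False, "side effect from " + source + " request"
    return True, "same-origin state change"

# Constructed sample requests: (method, has_side_effect, headers).
SAMPLES = [
    ("GET", True, {"Referer": "http://attacker.example/page.html"}),
    ("GET", True, {"Sec-Fetch-Site": "cross-site", "Authorization": "Basic <cached>"}),
    ("POST", True, {"Origin": "http://attacker.example", "Authorization": "Basic <cached>"}),
    ("POST", True, {"Origin": "http://localhost:631"}),
    ("GET", False, {"Referer": "http://attacker.example/page.html"}),
]

def run_samples():
    """Return the allow/deny decision for each constructed sample."""
    return [decide(*sample)[0] for sample in SAMPLES]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], sample[2], "->", decide(*sample))
```

Requests that carry none of these headers are classified as "unknown" and denied for state changes, so a non-browser client would need a separate authenticated path.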
Changed in cupsys:
assignee: keescook → nobody
Thanks for taking the time to report this bug and helping to make Ubuntu better. With which version of cupsys and Ubuntu did you notice this? Thanks in advance.