CA Spool Potential security risk due to IPPPORT=XXXXX statement in LPDSERV
Article ID: 145284
Updated On:
Products
Spool
Issue/Introduction
Following installation of SO11270 and SO11269 a new parameter for LPDSERV Parameters was introduced:
IPPPORT=XXXXXX
If this parameter is not specified, there may be problems concerning user exit ESFU011 and LPD printing.
However specifying this port poses a potential security issues as every active listening port in our enterprise must be approved because it could be used as an attack vector to compromise other systems.
Is there a solution to disable LPD/IPP interface.
Environment
Release : 14.0
Component : CA Spool
Cause
Following installation of SO11270 and SO11269 a new parameter for LPDSERV Parameters was introduced.
Resolution
FIX SO12015 ESF7034 SETSOCKOPT SO_LINFER FAILED ERRNO=113 has been created and is now available.
***NOTE*** This PTF corrects PE PTF SO11270
The following items are included in this solution:
1. ESF7034 SETSOCKOPT SO_LINFER FAILED ERRNO=113.
2. CA SPOOL LPD/IPP INTERFACE DO NOT RECEIVE ANY PRINT REQUESTS
***NOTE*** This PTF corrects PE PTF SO11270
The following items are included in this solution:
1. ESF7034 SETSOCKOPT SO_LINFER FAILED ERRNO=113.
2. CA SPOOL LPD/IPP INTERFACE DO NOT RECEIVE ANY PRINT REQUESTS
Feedback
Yes
No
Powered by
