CA Spool Potential security risk due to IPPPORT=XXXXX statement in LPDSERV

Article ID: 145284

Updated On:

Products

CA Spool

Issue/Introduction

Following installation of SO11270 and SO11269, a new parameter for LPDSERV Parameters was introduced:

IPPPORT=XXXXXX

If this parameter is not specified, there may be problems concerning user exit ESFU011 and LPD printing.

However, specifying this port poses a potential security issue, as every active listening port in our enterprise must be approved because it could be used as an attack vector to compromise other systems.

Is there a solution to disable the LPD/IPP interface?

 

Cause

Following installation of SO11270 and SO11269, a new parameter for LPDSERV Parameters was introduced.

Environment

Release : 14.0

Component : CA Spool

Resolution

FIX SO12015 ESF7034 SETSOCKOPT SO_LINFER FAILED ERRNO=113 has been created and is now available.

 ***NOTE*** This PTF corrects PE PTF SO11270
 
 The following items are included in this solution:
 
 1. ESF7034 SETSOCKOPT SO_LINFER FAILED ERRNO=113.
 
 2. CA SPOOL LPD/IPP INTERFACE DO NOT RECEIVE ANY PRINT REQUESTS