Unauthenticated RCE vs all GNU/Linux systems to be fully disclosed in 2 weeks with no working fix yet
Link: nitter.poast.org
Posted by Treasure@feddit.org to Linux@lemmy.ml · 2 months ago · cross-posted to: privacy@lemmy.ml

superglue@lemmy.dbzer0.com · 2 months ago

Looks like it's out there now:
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

Short version (correct me if I’m wrong):

If you have CUPS service cups-browsed on your machine and you for some reason exposed that to the internet (port 631), you are about to get pwned.

EDIT: It also requires the user to print to the malicious fake printer.

Treasure@feddit.org (OP) · 2 months ago

Yeah, what a disappointment. This guy brought shame to the security community because he was salty that his vulnerability didn’t get the attention it “deserved”.
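
An added example, not part of the thread: one way to check a host for the exposure condition summarised above (something listening on port 631 on a non-loopback address). It assumes the input is the output of `ss -H -tulnp`; the function names are hypothetical and the sample lines are constructed, not captured from a real machine.

```python
import re

# Constructed sample of `ss -H -tulnp` output (not from a real host).
SAMPLE_SS = """\
udp UNCONN 0 0 0.0.0.0:631 0.0.0.0:* users:(("cups-browsed",pid=812,fd=7))
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=790,fd=8))
tcp LISTEN 0 128 [::1]:631 [::]:* users:(("cupsd",pid=790,fd=7))
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=500,fd=13))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=901,fd=3))
"""

IPP_PORT = 631  # the port named in the thread
PROC_RE = re.compile(r'\(\("([^"]+)"')  # first process name in users:((...))


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1, ignoring brackets and %iface suffixes."""
    host = addr.strip("[]").split("%")[0]
    return host == "::1" or host.startswith("127.")


def exposed_ipp_sockets(ss_output, port=IPP_PORT):
    """Return (proto, local_addr, process) for sockets on `port` that are
    bound to anything other than loopback (wildcard or a specific NIC)."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        proto, local = fields[0], fields[4]
        # rpartition keeps IPv6 colons in the address part
        addr, _, port_str = local.rpartition(":")
        if port_str != str(port) or is_loopback(addr):
            continue
        match = PROC_RE.search(line)
        # process info is missing when ss runs without root
        findings.append((proto, addr, match.group(1) if match else "unknown"))
    return findings


if __name__ == "__main__":
    for proto, addr, proc in exposed_ipp_sockets(SAMPLE_SS):
        print(f"{proto} {addr}:{IPP_PORT} is reachable off-host (process: {proc})")
```

A non-empty result only shows the socket is bound beyond loopback; whether it is reachable from the internet still depends on the host and network firewall.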