Unauthenticated RCE vs all GNU/Linux systems to be fully disclosed in 2 weeks with no working fix yet
nitter.poast.org
Treasure@feddit.org to Linux@lemmy.ml · 2 months ago (edited)
Cross-posted to: privacy@lemmy.ml, cybersecurity@sh.itjust.works
superglue@lemmy.dbzer0.com · 2 months ago (edited)
Looks like it's out there now:
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
Short version (correct me if I’m wrong):
If you have CUPS service cups-browsed on your machine and you for some reason exposed that to the internet (port 631), you are about to get pwned.
EDIT: It also requires the user to print to the malicious fake printer.
Treasure@feddit.org (OP) · 2 months ago
Yeah, what a disappointment. This guy brought shame to the security community because he was salty that his vulnerability didn’t get the attention it “deserved”.