Unauthenticated RCE vs all GNU/Linux systems to be fully disclosed in 2 weeks with no working fix yet
Unauthenticated RCE vs all GNU/Linux systems to be fully disclosed in 2 weeks with no working fix yet
EDIT: Original post seems to have been removed, try this Nitter mirror instead.
You're viewing a single thread.
Looks like its out there now:
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
Short version (correct me if I'm wrong):
If you have CUPS service cups-browsed on your machine and you for some reason exposed that to the internet (port 631), you are about to get pwned.
EDIT: It also requires the user to print to the malicious fake printer.
Yeah, what a disappointment. This guy brought shame to the security community because he was salty that his vulnerability didn't get the attention it "deserved".
Disappointment? Only if you mean the person that came up with FoomaticRIP.
For those who did not read the entire thing, it's a so called "filter" that converts the document before it's sent to certain nasty types of printers. Except it's not executed on the print server. The unauthenticated print server can just ask a client to run it on their side. And it's designed to be able to execute ANY command.