Treasure@feddit.org to Linux@lemmy.ml · edit-22 months agoUnauthenticated RCE vs all GNU/Linux systems to be fully disclosed in 2 weeks with no working fix yetnitter.poast.orgmessage-square25fedilinkarrow-up191file-text
arrow-up191external-linkUnauthenticated RCE vs all GNU/Linux systems to be fully disclosed in 2 weeks with no working fix yetnitter.poast.orgTreasure@feddit.org to Linux@lemmy.ml · edit-22 months agomessage-square25fedilinkfile-text
minus-squaresuperglue@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up1·edit-22 months agoLooks like its out there now: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/ Short version (correct me if I’m wrong): If you have CUPS service cups-browsed on your machine and you for some reason exposed that to the internet (port 631), you are about to get pwned. EDIT: It also requires the user to print to the malicious fake printer.
Looks like its out there now:
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
Short version (correct me if I’m wrong):
If you have CUPS service cups-browsed on your machine and you for some reason exposed that to the internet (port 631), you are about to get pwned.
EDIT: It also requires the user to print to the malicious fake printer.