182

The CUPS explout is here: GitHub - RickdeJager/cupshax(github.com)

posted
*
by
Avatar
Possibly linux@lemmy.zip
in
Avatar
linux@lemmy.ml
15 comments
hidereport

I hope this goes without saying but please do not run this on machines you don’t own.

The good news:

  • the exploit seems to require user action

The bad news:

  • Device Firewalls are ineffective against this

  • if someone created a malicious printer on a local network like a library they could create serious issues

  • it is hard to patch without breaking printing

  • it is very easy to create printers that look legit

  • even if you don’t hit print the cups user agent can reveal lots of information. This may be blocked at the Firewall

TLDR: you should be careful hitting print

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments View context
Avatar
Possibly linux@lemmy.zipOP
-7 points
*

There is currently no fix available

Edit: I’m mistaken

permalink
report
parent
reply
Avatar
forbiddenlake@lemmy.world
4 points

Not true, Arch and Ubuntu (the ones I personally checked on) already pushed patches that disabled cups browsed by default, removing the service listening on 631.

permalink
report
parent
reply
Avatar
superkret@feddit.org
7 points

What? I got a patch on Arch yesterday.

permalink
report
parent
reply
Avatar
IrritableOcelot@beehaw.org
5 points

I mean both Red Hat and Ubuntu did ship updates to change the config of cups-browsed, so I don’t think that’s correct.

permalink
report
parent
reply
Avatar
Possibly linux@lemmy.zipOP
1 point

Maybe my information is out of date then

permalink
report
parent
reply

Linux

!linux@lemmy.ml

Create post

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

  • Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
  • No misinformation
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

Community stats

  • 8.4K

    Monthly active users

  • 3.4K

    Posts

  • 40K

    Comments

Community moderators