55
OpenPrinting News Flash - cups-browsed Remote Code Execution vulnerability
(openprinting.github.io)
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
Yep. While simple to prepare, this will affect almost nobody, as it requires the user to perform an increasingly rare action in a world that's often going paperless.
Also, the likelihood that a regular user will expose port 631 to the internet is probably close to zero. There's several uncommon pieces that have to be in place for this to work, to the point that it's not a simple matter to execute this exploit.
Is that really true? From https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
The very next sentence:
They said they were getting duplicates and non-*nix hits with that 300k number, which doesn't help them (i.e. the hundreds of thousands of hits was artificially inflated). So yes, the threat is overblown.
Coupled with the fact that patches are already out, and it's easily mitigated by closing 631, and I don't expect this will be much of a problem for most people.
Wait, which list of filtered IPs are you even talking about? The list in the article is a list of unique kernel versions, not IPs.
I'm not sure why you say it's "artificially" inflated. Non-linux systems are also affected.
How's that? If I'm running a Windows machine, how would a CUPS exploit affect me?
I'm not asking maliciously, but I genuinely don't grasp how that could be a viable attack vector.
You would be vulnerable on Windows, if you were running CUPS, which you probably are not. But CUPS is not tied to Linux, and is used commonly on e.g. BSDs, and Apple has their own fork for MacOS (have not heard anything about it being vulnerable though).
My guess is that most hits that scan is gonna catch is old enterprise networks, that has not been updated or maintained by security.