qqq@lemmy.worldtoTechnology@lemmy.world•Possible Linux Severe CVSS 9.9/10 Unauthenticated RCE FlawEnglish
14·
1 month agoThis is a real exploit chain in cups-browsed
. The tl;dr is that it will add basically anything that knows the correct protocol to your list of available printers, and this can be exploited for RCE if you print to the malicious printer. The service listens on all interfaces by default on UDP 631.
It is not as horrible as it was marketed, but it’s real and not great. You may or may not have this service running by default; I didn’t on Fedora.
His full write-up is here: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
Hm I always remember hearing this:
https://en.m.wikipedia.org/wiki/Frank_Luntz
https://www.theguardian.com/environment/2014/may/27/americans-climate-change-global-warming-yale-report