56
OpenPrinting News Flash - cups-browsed Remote Code Execution vulnerability
(openprinting.github.io)
this post was submitted on 30 Sep 2024
56 points (98.3% liked)
Linux
48044 readers
787 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yep. While simple to prepare, this will affect almost nobody, as it requires the user to perform an increasingly rare action in a world that's often going paperless.
Also, the likelihood that a regular user will expose port 631 to the internet is probably close to zero. There's several uncommon pieces that have to be in place for this to work, to the point that it's not a simple matter to execute this exploit.
Is that really true? From https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
The very next sentence:
They said they were getting duplicates and non-*nix hits with that 300k number, which doesn't help them (i.e. the hundreds of thousands of hits was artificially inflated). So yes, the threat is overblown.
Coupled with the fact that patches are already out, and it's easily mitigated by closing 631, and I don't expect this will be much of a problem for most people.
I'm not sure why you say it's "artificially" inflated. Non-linux systems are also affected.
How's that? If I'm running a Windows machine, how would a CUPS exploit affect me?
I'm not asking maliciously, but I genuinely don't grasp how that could be a viable attack vector.
You would be vulnerable on Windows, if you were running CUPS, which you probably are not. But CUPS is not tied to Linux, and is used commonly on e.g. BSDs, and Apple has their own fork for MacOS (have not heard anything about it being vulnerable though).
Wait, which list of filtered IPs are you even talking about? The list in the article is a list of unique kernel versions, not IPs.
My guess is that most hits that scan is gonna catch is old enterprise networks, that has not been updated or maintained by security.
ipv6 doesn't give the NAT. A malicious website can mount the attack.
How?
Say I host a malicious server with ipv6 only. You visit the site without NAT. I get your ip and ip:631 is open (unless firewall and listen is restricted to prefix). Usual attack afterwards.
Edit: You need to have ipv6, for example many mobile networks.
I have full IPv6, none of my ports that I haven't explicitly whitelisted in the firewall can be accessed from the Internet. I can open a host completely, but it's not default. This is on the most common brand of consumer routers here.
Just because it's not NATted doesn't mean there's no firewall in place.
Yeah ofcourse firewall is the good idea here. I personally have firewall on on every device so that I can manage what can connect and from where.
The point is though often people just disable firewalls (some distros do not install/enable by default too) to workarround certain issues quickly like kdeconnect not connecting, bridge not working and such. That's how I think the whole 'ipv4 NAT is the best (consumer) firewall' concept came popular.