Mr. BitternessSep 26, 2024

So this "CVSS 9.9" "unauthenticated RCE vs all GNU/Linux systems (plus others)" thing...

- Does NOT affect all GNU/Linux systems.
- Is not CVSS 9.9. I put it at a 6.3

It also requires:
1) The victim system has no active firewall to block incoming connections.
2) A user on the victim system must print something to a printer that mysteriously appears on the system that has never been there before.

If these two things happen, then command execution can happen as the "lp" user.

<yawn>

We get it. You found a vulnerability.
Lying about it to try to stir up interest in it is not appreciated by anybody who takes themselves seriously in this industry.

CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177 have been assigned.

https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

Attacking UNIX Systems via CUPS, Part I

Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s

evilsocket
Show threadsometimes ianSep 26, 2024
@wdormann @wdormann this guy is a real bully, too. nobody should take him seriously: https://github.com/OpenPrinting/cups-browsed/issues/36#issuecomment-2377566373
Review locking/multi-threading implementation · Issue #36 · OpenPrinting/cups-browsed

According to @evilsocket, cups-browsed can be held up for an extended period of time: The lock acquired here doesn't get unlocked until the IPP server has responded. A malicious IPP server can keep...

GitHub
Show threadMr. Bitterness

@ecn
Indeed. When I first saw the post, I noticed that I had his account blocked on Twitter.

I can't recall when/why I did the blocking, but I see that they're unsurprisingly still a horrible person.

Sep 26, 2024 at 8:19pmWeb