:: Re: [DNG] Critical CVE?
Top Page
Delete this message
Reply to this message
Author: Didier Kryn
Date:  
To: dng
Subject: Re: [DNG] Critical CVE?
Le 26/09/2024 à 23:05, Nick via Dng a écrit :
> On 26-09-2024 22:55, Peter Duffy wrote:
>> These have appeared in the last hour or so:
>>
>> https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1
>>
>> https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
>>
>>
>> CUPS  (specifically cups-browserd)
>>
>> Personally, I'm waiting for a few analyses of the above before I do
>> anything drastic.
>>
>> On Thu, 2024-09-26 at 14:33 -0500, golinux via Dng wrote:
>>> On 2024-09-26 13:53, Martin Steigerwald wrote:
>>>> Hi.
>>>>
>>>> Peter Duffy - 26.09.24, 20:21:15 CEST:
>>>>
>>>> Or on The Register. And its past 20:00 UTC already.
>>>>
>>> Nope . . .
>>>
>>> https://time.is/UTC says it is now 19:31 UTC which is important
>>> because
>>> today's meet is at 20:30.
>>>
>>> golinux
> It looks pretty serious although I wonder why you would have a open
> cups port on the WAN interface. On the distro's I know cups is not
> installed by default. And default on 127.0.0.1 if installed.


    This is a risk for hosts running Cups in an untrusted LAN;
certainly not at home. I don't know for you guys, but it would take me
some config work on my internet box to map some incoming port to port
631 of the host running Cups; and why would I do this for? In addition
this requires to have a private WAN IP address for the box.

    But, in an untrusted LAN the risk may be made even bigger by Cups
design: if a host is connected to two networks, its Cups server allows
by default to hop from one LAN to the other for printing.

--     Didier