:: Re: [DNG] Critical CVE?
Author: Rob van der Putten
Date:  
To: dng
Subject: Re: [DNG] Critical CVE?
Hi


On 27/09/2024 11:43, Didier Kryn wrote:

> On 26/09/2024 at 23:05, Nick via Dng wrote:
>> On 26-09-2024 22:55, Peter Duffy wrote:
>>> These have appeared in the last hour or so:
>>>
>>> https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1
>>>
>>> https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
>>>
>>> CUPS (specifically cups-browsed)
>>>
>>> Personally, I'm waiting for a few analyses of the above before I do
>>> anything drastic.
>>>
>>> On Thu, 2024-09-26 at 14:33 -0500, golinux via Dng wrote:
>>>> On 2024-09-26 13:53, Martin Steigerwald wrote:
>>>>> Hi.
>>>>>
>>>>> Peter Duffy - 26.09.24, 20:21:15 CEST:
>>>>>
>>>>> Or on The Register. And it's past 20:00 UTC already.
>>>>>
>>>> Nope . . .
>>>>
>>>> https://time.is/UTC says it is now 19:31 UTC which is important
>>>> because
>>>> today's meet is at 20:30.
>>>>
>>>> golinux
>> It looks pretty serious, although I wonder why you would have an open
>> cups port on the WAN interface. On the distros I know, cups is not
>> installed by default. And default on 127.0.0.1 if installed.
>
>     This is a risk for hosts running Cups in an untrusted LAN;
> certainly not at home. I don't know about you guys, but it would take me
> some config work on my internet box to map some incoming port to port
> 631 of the host running Cups; and what would I do this for? In addition,
> this requires having a private WAN IP address for the box.
>
>     But in an untrusted LAN the risk may be made even bigger by Cups
> design: if a host is connected to two networks, its Cups server allows,
> by default, hopping from one LAN to the other for printing.


Apart from remote access, can someone explain to me why cups-browsed
runs as root?
It is the only network daemon that I know of, that does so.


Regards,
Rob
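
Added example, not part of the original message or of CUPS: a check for the two points raised in this thread, namely whether anything on a host is bound to port 631 on an address other than 127.0.0.1, and whether the owning socket belongs to uid 0. It parses socket tables in the `/proc/net/tcp` and `/proc/net/udp` layout; the sample tables are constructed, the function names are hypothetical, and a little-endian host and IPv4 only are assumed.

```python
import ipaddress
import socket
import struct

IPP_PORT = 631  # the CUPS port named in the thread

# Constructed samples in /proc/net/{tcp,udp} layout (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21001 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21002 1 0000000000000000 100 0 0 10 0
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 00000000:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 21003 2 0000000000000000 0
"""

def parse_bindings(table, proto, port=IPP_PORT):
    """Return [(proto, ip, uid)] for unconnected sockets bound to `port`."""
    found = []
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        addr_hex, port_hex = f[1].split(":")
        # Keep only listeners / unconnected sockets (no remote peer) on our port.
        if int(port_hex, 16) != port or f[2] != "00000000:0000":
            continue
        # The kernel prints IPv4 addresses in host byte order; little-endian assumed.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        found.append((proto, ip, int(f[7])))     # f[7] is the socket owner's uid
    return found

def exposed(bindings):
    """Bindings reachable from the network, i.e. not on a loopback address."""
    return [b for b in bindings if not ipaddress.ip_address(b[1]).is_loopback]

def audit(tcp_table, udp_table):
    return exposed(parse_bindings(tcp_table, "tcp") + parse_bindings(udp_table, "udp"))

if __name__ == "__main__":
    for proto, ip, uid in audit(SAMPLE_TCP, SAMPLE_UDP):
        owner = "root" if uid == 0 else f"uid {uid}"
        print(f"{proto}/{IPP_PORT} bound to {ip} (not loopback), socket owned by {owner}")
```

On a live host, pass the contents of `/proc/net/tcp` and `/proc/net/udp` to `audit()` instead of the samples.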