this post was submitted on 29 Sep 2024
43 points (100.0% liked)

Linux

5230 readers
199 users here now

A community for everything relating to the linux operating system

Also check out !linux_memes@programming.dev

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 1 year ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
43
The CUPS explout is here: GitHub - RickdeJager/cupshax (github.com)
submitted 1 month ago by Blaze@lemmy.zip to c/linux@programming.dev
6 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.zip/post/23601247

I hope this goes without saying but please do not run this on machines you don't own.

The good news:

  • the exploit seems to require user action

The bad news:

  • Device Firewalls are ineffective against this

  • if someone created a malicious printer on a local network like a library they could create serious issues

  • it is hard to patch without breaking printing

  • it is very easy to create printers that look legit

  • even if you don't hit print the cups user agent can reveal lots of information. This may be blocked at the Firewall

TLDR: you should be careful hitting print

you are viewing a single comment's thread
view the rest of the comments
[–] Telorand@reddthat.com 1 points 1 month ago (1 children)

But again, most people aren't running Linux, and for people who are, they're likely more conscientious about connectivity and security patches.

I agree that most people aren't paying attention to every little thing, but the likelihood of someone invading your home network for a tiny payoff, especially when it requires the rare activity of printing something, is probably low-risk.

[–] schizo@forum.uncomfortable.business 2 points 1 month ago

But again, most people aren’t running Linux

Exactly. This is bad, for the 0.3% of the computing population that use Linux AND have CUPS installed AND actually print things.

Not exactly a prime target, compared to literally almost anything else. If I were going all-in on something after having gained access to someone's local network, I'm 100% in on any exploit that lets me use an infostealer trojan to steal your session cookies, not fiddling around and hoping you print something.

(Patch your shit anyways, but there's no need to freak out.)