https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/205/584/720/805/054/original/acc7fae84f68d4b6.png
So this "CVSS 9.9" "unauthenticated RCE vs all GNU/Linux systems (plus others)" thing...
- Does NOT affect all GNU/Linux systems.
- Is not CVSS 9.9. I put it at a 6.3.
It also requires:
1) The victim system has no active firewall to block incoming connections.
2) A user on the victim system must print something to a printer that mysteriously appears on the system that has never been there before.
If these two things happen, then command execution can happen as the "lp" user.
<yawn>
We get it. You found a vulnerability.
Lying about it to try to stir up interest in it is not appreciated by anybody who takes themselves seriously in this industry.
CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177 have been assigned.
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
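The two preconditions in the post boil down to one question a defender can actually check: is cups-browsed on this host accepting remote printer announcements from the network? The following triage script is an added example and is not part of the original post or of the CUPS project; the detail that cups-browsed listens on UDP port 631 and that the legacy "cups" entry in BrowseRemoteProtocols is what accepts those announcements comes from the linked write-up and vendor advisories, not from the post itself. The ss(8) output and the configuration snippets below are constructed for this example, so it runs offline.

```shell
#!/bin/sh
# Added example, not code from the original post or from CUPS.
# Triage helper: decides whether a host matches the preconditions the
# post lists, i.e. cups-browsed is bound to UDP 631 on a wildcard
# address (reachable if nothing firewalls it) and still accepts the
# legacy CUPS browsing protocol that lets a remote printer "mysteriously
# appear". Inputs are plain text so captured output can be fed in.

# Return 0 if the `ss -ulnp` table on stdin shows a UDP socket bound to
# port 631 on a wildcard address (0.0.0.0, * or [::]).
udp631_wildcard_listener() {
    grep -E '^UNCONN[[:space:]].*[[:space:]](0\.0\.0\.0|\*|\[::\]):631[[:space:]]' >/dev/null
}

# Return 0 if the cups-browsed.conf text on stdin enables the "cups"
# browsing protocol. Commented-out lines are ignored. Assumption: when
# the directive is absent, the upstream default "dnssd cups" applies.
browse_remote_cups_enabled() {
    line=$(grep -iE '^[[:space:]]*BrowseRemoteProtocols[[:space:]]' | tail -n 1)
    if [ -z "$line" ]; then
        return 0   # directive absent: assume upstream default "dnssd cups"
    fi
    printf '%s\n' "$line" | grep -iqw cups
}

# Combine both checks into a one-line verdict.
# Usage on a live host (as root):
#   assess "$(ss -ulnp)" "$(cat /etc/cups/cups-browsed.conf)"
assess() {
    listeners=$1
    conf=$2
    if printf '%s\n' "$listeners" | udp631_wildcard_listener; then
        if printf '%s\n' "$conf" | browse_remote_cups_enabled; then
            echo "exposed: cups-browsed accepts remote printer announcements on UDP 631"
        else
            echo "listening: UDP 631 open but cups browsing protocol disabled"
        fi
    else
        echo "not listening: no wildcard UDP 631 socket"
    fi
}

# Constructed sample data (not captured from a real system).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0            0.0.0.0:631       0.0.0.0:*     users:(("cups-browsed",pid=812,fd=7))
UNCONN 0      0          127.0.0.1:323       0.0.0.0:*     users:(("chronyd",pid=640,fd=5))'

SAMPLE_SS_NOCUPS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0          127.0.0.1:323       0.0.0.0:*     users:(("chronyd",pid=640,fd=5))'

# Default-style configuration: legacy CUPS browsing still on.
SAMPLE_CONF='# cups-browsed.conf (constructed sample)
BrowseRemoteProtocols dnssd cups
BrowseProtocols none'

# Hardened configuration: only DNS-SD discovery, no legacy CUPS browsing.
HARDENED_CONF='# cups-browsed.conf (constructed sample)
BrowseRemoteProtocols dnssd
BrowseProtocols none'

assess "$SAMPLE_SS" "$SAMPLE_CONF"
assess "$SAMPLE_SS" "$HARDENED_CONF"
assess "$SAMPLE_SS_NOCUPS" "$SAMPLE_CONF"
```

If the verdict is "exposed", the fix that removes both preconditions at once is to stop and disable cups-browsed (it is only needed for automatic discovery of network printers) and to block inbound UDP 631 at the host firewall; removing "cups" from BrowseRemoteProtocols narrows the exposure but leaves the daemon listening.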
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.