Regarding the Linux RCE thing doing the rounds from Twitter: https://cyberplace.social/@GossiTheDog/113194080852739654
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 25-Sep-2024 04:16:15 JST
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 27-Sep-2024 04:24:14 JST:
Regarding the "unspecified Linux vulnerability" that the author has been "hyping the shit out of" (their words) all week -
It's accidentally leaked, due to an unpaid open source maintainer making a boo boo.
It's in CUPS, a printing subsystem. It isn't Linux specific.
CUPS isn't faced much to the internet, I've checked and done a Shodan Safari. It also isn't installed by default on Linux server installs for almost all distros.
It's not a big deal, update packages are dropping, don't panic.
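An added local triage check, not part of Kevin Beaumont's post and not code from the CUPS project: given an `ss -lntu`-style listener listing, it reports any TCP or UDP socket on the IPP port 631 that is bound to something other than loopback, which is the quickest way to tell whether a given host is one of the rare internet-facing cases the post refers to. The sample listing in the test is constructed; the `--live` mode assumes `ss` from iproute2 is installed.

```shell
#!/bin/sh
# Added example: local exposure check for CUPS (IPP, port 631).
# Not from the thread above. Assumes ss(8) output in its usual column order:
#   Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
# Usage:  ss -H -lntu | sh cups_check.sh --stdin     (or: sh cups_check.sh --live)

# Read ss-style lines on stdin; print every tcp/udp socket on port 631 whose
# local address is not loopback. Exit status 1 if anything was printed, else 0.
cups_exposed() {
  awk '
    $1 ~ /^(tcp|udp)$/ && $5 ~ /:631$/ {
      addr = $5
      sub(/:[0-9]+$/, "", addr)       # drop the port
      gsub(/\[|\]/, "", addr)         # strip IPv6 brackets
      if (addr != "127.0.0.1" && addr != "::1") { print; found = 1 }
    }
    END { exit (found ? 1 : 0) }
  '
}

# Human-readable summary for the listing on stdin; same exit status as above.
cups_report() {
  if out=$(cups_exposed); then
    echo "ok: no CUPS listener bound beyond loopback"
    return 0
  fi
  printf 'exposed: CUPS is listening on a non-loopback address:\n%s\n' "$out"
  return 1
}

case "${1:-}" in
  --stdin)
    cups_report
    ;;
  --live)
    # Assumption: ss from iproute2 is present. -H drops the header row.
    command -v cupsd >/dev/null 2>&1 || echo "note: cupsd binary not found on this host"
    ss -H -lntu | cups_report
    ;;
esac
```

A loopback-only binding (127.0.0.1 or ::1) is treated as not exposed; a wildcard bind (0.0.0.0, [::] or *) is reported even when a host firewall might be blocking it, since the listing alone cannot tell.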
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 27-Sep-2024 04:37:01 JST:
Pouring one out for the unpaid open source maintainers dealing with this stuff for the past few weeks.
I notice the person tweeting about it has turned off their replies on the tweets.
MemoryLeech (cyberleech@cyberplace.social)'s status on Friday, 27-Sep-2024 05:05:39 JST:
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 27-Sep-2024 06:33:38 JST:
Re the "Linux RCE" story, I'd like to point the press breathlessly covering this to one minor (sarcasm) detail for exploitation: "A potential victim attempts to print from the malicious device"
My thoughts on how this has played out: https://www.linkedin.com/posts/kevin-beaumont-security_open-source-has-many-unpaid-volunteers-who-activity-7245168546840793088-3N7A?utm_source=share&utm_medium=member_ios
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 27-Sep-2024 07:03:53 JST:
Red Hat's advisory is worth a read if you want calm actual analysis: https://www.redhat.com/en/blog/red-hat-response-openprinting-cups-vulnerabilities
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 27-Sep-2024 07:17:05 JST:
Also; all the press articles I've seen on this have taken the word of the vulnerability finder as gospel - they haven't actually fact checked it.
E.g. none of the CVEs are CVSS score 9.9. Or close.
The sole source in articles shouldn’t be a known bully. The story is probably more how this played out so it doesn’t happen again.
feld (feld@friedcheese.us)'s status on Friday, 27-Sep-2024 07:22:39 JST:
@GossiTheDog so it's not an RCE on "all GNU/Linux systems"? Color me shocked :monocle:
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 27-Sep-2024 07:54:17 JST:
In the researcher's PoC video they casually don't show that the victim user needs to print to the malicious print queue first, it's not in the video. Minor detail.
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 27-Sep-2024 08:08:44 JST:
The media are going to have to go back and rewrite or delete the articles here.. it's not labelled Critical, it's not a 9.9 etc etc.
I think there’s probably lessons to be learned here around how vulns are covered.
Fellows (fellows@cyberplace.social)'s status on Friday, 27-Sep-2024 08:17:56 JST:
@GossiTheDog if it doesn't have a crappy graphic you made with Paint, I tend not to worry!
Will Dormann (wdormann@infosec.exchange)'s status on Saturday, 28-Sep-2024 00:37:29 JST:
@GossiTheDog
Was it a "boo boo"? We're all better off because of the leak, so we should probably thank whoever was at fault. 😂
Think about the alternate universe of having gone through an additional week and a half of self-amplifying media hype. 😬