Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
elacheche@mastodon.tn's status on Friday, 27-Sep-2024 05:08:12 JST elacheche

Unauthenticated #RCE vs all #GNU / #Linux systems (plus others) disclosed 3 weeks ago.
#Canonical, #RedHat and others have confirmed the severity, a 9.9/10 😱😱😱😱😱
https://threadreaderapp.com/thread/1838169889330135132.html
In conversation about 2 months ago from mastodon.tn permalink
Attachments
1. Domain not in remote thumbnail source whitelist: shots.threadreader.app
  
  Thread by @evilsocket on Thread Reader App
  
  from @evilsocket
  
  @evilsocket: * Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago. * Full disclosure happening in less than 2 weeks (as agreed with devs). * Still no CVE assigned (there should be at...…
- Embed this notice
  Not Evander Sinque (filis@mastodon.social)'s status on Friday, 27-Sep-2024 05:08:10 JST Not Evander Sinque
  in reply to
  
  @elacheche it's #CUPS
  
  In conversation about 2 months ago permalink
- Embed this notice
  feld (feld@friedcheese.us)'s status on Friday, 27-Sep-2024 05:08:10 JST feld
  in reply to
  - Not Evander Sinque
  @FiLiS @elacheche "plus others" but won't give any details? I'm super skeptical tbh
  
  prove one distro vendor confirmed this that isn't shipping glibc please
  
  In conversation about 2 months ago permalink
- Embed this notice
  elacheche@mastodon.tn's status on Friday, 27-Sep-2024 05:55:09 JST elacheche
  in reply to
  - Not Evander Sinque
  - feld
  @feld @FiLiS
  I agree, he made it look like something "built-in" or business/user critical..
  The CVE can have a high score, but it's impact is not big.. And most of the "default" cups installations (aka end users) are not reachable via the net..
  
  In conversation about 2 months ago permalink
  
  feld likes this.

Public

Conversation

Notices

Feeds