Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/atax1a/statuses/113205075007680030">mx alex tax1a - 2020 (4) (atax1a@infosec.exchange)'s status on Friday, 27-Sep-2024 03:07:33 JST</a><a href="https://infosec.exchange/@atax1a" title="atax1a@infosec.exchange"><img src="https://gnusocial.jp/avatar/40735-48-20231210191504.webp" width="48" height="48" alt="mx alex tax1a - 2020 (4)" style="position: absolute; left: 0; top: 0;">mx alex tax1a - 2020 (4)</a></section><article><p>fyi the guy who's hyping up the supposed "unauthenticated RCE" impacting all systems is a self-aggrandizing domestic assault perpetrator trying to draw attention to himself; successful exploitation of the so-called vuln depends on ability to edit /etc/cups/cupsd.conf, which generally already requires administrator privileges</p><p>and here he is being verbally abusive in a github issue: <a href="https://github.com/OpenPrinting/cups-browsed/issues/36" rel="nofollow noreferrer">https://github.com/OpenPrinting/cups-browsed/issues/36</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3732607#notice-7308341">In conversation</a><time datetime="2024-09-27T03:07:33+09:00" title="Friday, 27-Sep-2024 03:07:33 JST">about 2 months ago</time> <span>from <span><a href="https://infosec.exchange/@atax1a/113205075007680030" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@atax1a/113205075007680030">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: opengraph.githubassets.com</div><h5><a href="https://github.com/OpenPrinting/cups-browsed/issues/36">Review locking/multi-threading implementation · Issue #36 · OpenPrinting/cups-browsed</a></h5><div></div></header><div>According to @evilsocket, cups-browsed can be held up for an extended period of time: The lock acquired here doesn't get unlocked until the IPP server has responded. A malicious IPP server can keep...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
mx alex tax1a - 2020 (4) (atax1a@infosec.exchange)'s status on Friday, 27-Sep-2024 03:07:33 JST mx alex tax1a - 2020 (4)
fyi the guy who's hyping up the supposed "unauthenticated RCE" impacting all systems is a self-aggrandizing domestic assault perpetrator trying to draw attention to himself; successful exploitation of the so-called vuln depends on ability to edit /etc/cups/cupsd.conf, which generally already requires administrator privileges
and here he is being verbally abusive in a github issue: https://github.com/OpenPrinting/cups-browsed/issues/36
In conversationabout 2 months ago from infosec.exchangepermalink
Attachments
1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  Review locking/multi-threading implementation · Issue #36 · OpenPrinting/cups-browsed
  According to @evilsocket, cups-browsed can be held up for an extended period of time: The lock acquired here doesn't get unlocked until the IPP server has responded. A malicious IPP server can keep...

Public

Embed Notice

HTML Code

Corresponding Notice