Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/screaminggoat/statuses/113205901095742311">Not Simon 🐐 (screaminggoat@infosec.exchange)'s status on Friday, 27-Sep-2024 09:49:15 JST</a><a href="https://infosec.exchange/@screaminggoat" title="screaminggoat@infosec.exchange"><img src="https://gnusocial.jp/avatar/278335-48-20240828155747.webp" width="48" height="48" alt="Not Simon 🐐" style="position: absolute; left: 0; top: 0;">Not Simon 🐐</a><div><a href="https://infosec.exchange/@screaminggoat/113205889582673183" rel="in-reply-to">in reply to</a></div></section><article><p>SAN ISC: <a href="https://isc.sans.edu/diary/rss/31302" rel="nofollow noreferrer">Patch for Critical CUPS vulnerability: Don't Panic</a></p><p>CUPS may use "filters", executables that can be used to convert documents. The part responsible ("cups-filters") accepts unverified data that may then be executed as part of a filter operation. An attacker can use this vulnerability to inject a malicious "printer". The malicious code is triggered once a user uses this printer to print a document. This has little or no impact if CUPS is not listening on port 631, and the system is not used to print documents (like most servers). An attacker may, however, be able to trigger the print operation remotely. On the local network, this is exploitable via DNS service discovery. A proof of concept exploit has been made available.</p><p>There is no patch right now. Disable and remove cups-browserd (you probably do not need it anyway). Update CUPS as updates become available. Stop UDP traffic on Port 631.</p><p><a href="https://infosec.exchange/tags/CVE_2024_47076" rel="tag">#CVE_2024_47076</a> <a href="https://infosec.exchange/tags/CVE_2024_47177" rel="tag">#CVE_2024_47177</a> <a href="https://infosec.exchange/tags/CVE_2024_47175" rel="tag">#CVE_2024_47175</a> <a href="https://infosec.exchange/tags/CVE_2024_47176" rel="tag">#CVE_2024_47176</a> <a href="https://infosec.exchange/tags/CUPS" rel="tag">#CUPS</a> <a href="https://infosec.exchange/tags/linux" rel="tag">#linux</a>  <a href="https://infosec.exchange/tags/vulnerability" rel="tag">#vulnerability</a> <a href="https://infosec.exchange/tags/cve" rel="tag">#cve</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3734407#notice-7311873">In conversation</a><time datetime="2024-09-27T09:49:15+09:00" title="Friday, 27-Sep-2024 09:49:15 JST">about 2 months ago</time> <span>from <span><a href="https://infosec.exchange/@screaminggoat/113205901095742311" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@screaminggoat/113205901095742311">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Not Simon 🐐 (screaminggoat@infosec.exchange)'s status on Friday, 27-Sep-2024 09:49:15 JST Not Simon 🐐
in reply to
SAN ISC: Patch for Critical CUPS vulnerability: Don't Panic
CUPS may use "filters", executables that can be used to convert documents. The part responsible ("cups-filters") accepts unverified data that may then be executed as part of a filter operation. An attacker can use this vulnerability to inject a malicious "printer". The malicious code is triggered once a user uses this printer to print a document. This has little or no impact if CUPS is not listening on port 631, and the system is not used to print documents (like most servers). An attacker may, however, be able to trigger the print operation remotely. On the local network, this is exploitable via DNS service discovery. A proof of concept exploit has been made available.
There is no patch right now. Disable and remove cups-browserd (you probably do not need it anyway). Update CUPS as updates become available. Stop UDP traffic on Port 631.
#CVE_2024_47076 #CVE_2024_47177 #CVE_2024_47175 #CVE_2024_47176 #CUPS #linux #vulnerability #cve
In conversationabout 2 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice