Attacking UNIX Systems via CUPS, Part I
#linux #nix #cups #rce #vulnerability #critical
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
SANS ISC: Patch for Critical CUPS vulnerability: Don't Panic
CUPS may use "filters", executables that can be used to convert documents. The part responsible ("cups-filters") accepts unverified data that may then be executed as part of a filter operation. An attacker can use this vulnerability to inject a malicious "printer". The malicious code is triggered once a user uses this printer to print a document. This has little or no impact if CUPS is not listening on port 631, and the system is not used to print documents (like most servers). An attacker may, however, be able to trigger the print operation remotely. On the local network, this is exploitable via DNS service discovery. A proof of concept exploit has been made available.
There is no patch right now. Disable and remove cups-browsed (you probably do not need it anyway). Update CUPS as updates become available. Stop UDP traffic on Port 631.
#CVE_2024_47076 #CVE_2024_47177 #CVE_2024_47175 #CVE_2024_47176 #CUPS #linux #vulnerability #cve
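An exposure check for the "stop UDP traffic on port 631" advice above, added here as an example and not taken from the SANS ISC post. It classifies UDP listeners from `ss -H -uln` style output; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the quoted post): find UDP listeners on port 631
# and say whether each is bound beyond loopback.

# Reads `ss -H -uln` style lines on stdin; prints "<verdict> <local addr:port>".
classify_udp631() {
    awk '
    {
        local_addr = $4                       # 4th column: Local Address:Port
        n = split(local_addr, parts, ":")
        port = parts[n]                       # port follows the last colon
        if (port != "631") next
        host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        sub(/%.*/, "", host)                  # drop interface suffix such as %lo
        verdict = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "exposed"
        print verdict, local_addr
    }'
}

# Succeeds (status 0) only when no UDP 631 socket is bound beyond loopback.
udp631_is_safe() {
    ! classify_udp631 | grep -q '^exposed '
}

# Constructed sample of `ss -H -uln` output (not captured from a real host).
SAMPLE_SS='UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
UNCONN 0 0 127.0.0.1:631 0.0.0.0:*
UNCONN 0 0 [::]:631 [::]:*
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*'

if [ "${1:-}" = "--live" ]; then
    ss -H -uln | classify_udp631              # check the local host
else
    printf '%s\n' "$SAMPLE_SS" | classify_udp631
fi
```

Any "exposed" line means the socket is bound beyond loopback, so the service should be disabled or UDP 631 filtered at the host firewall.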
Palo Alto Networks advisory: CVE-2024-47076 Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products
The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176 in the Common UNIX Printing System (CUPS) as they relate to our products. Based on current information, Palo Alto Networks products and cloud services do not contain affected CUPS-related software packages and are not impacted by these issues.
Note: PAN is on top of the social media scene or has people giving them a heads-up.
#CVE_2024_47076 #CVE_2024_47177 #CVE_2024_47175 #CVE_2024_47176 #CUPS #linux #PaloAltoNetworks #vulnerability #cve
Tenable: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities
This is perhaps the most informative and comprehensive guide to the CUPS vulnerabilities yet. While I question the use of the phrase zero-days, they were publicly announced prematurely due to a leak ahead of a coordinated disclosure date, and proof of concept has been released. Fortunately, it's not the 9.9 doomsday that everyone was hawk tuahing about. Skibidi I don't think anyone reads what I write anyway. Only in Ohio though.
As @CraigHRowland said:
The bad news is there is a vulnerability in the CUPS printer system on Linux. The good news is nobody has ever gotten their printer working on Linux so they are safe.
#CVE_2024_47076 #CVE_2024_47177 #CVE_2024_47175 #CVE_2024_47176 #CUPS #linux #vulnerability #cve
Unauthenticated #RCE vs all #GNU / #Linux systems (plus others) disclosed 3 weeks ago.
#Canonical, #RedHat and others have confirmed the severity, a 9.9/10 😱😱😱😱😱
https://threadreaderapp.com/thread/1838169889330135132.html
“The more I use Lisp, the more I understand the Unix philosophy as something not for daily use, but as something to be lying on top seamlessly”
@anthk yes, I completely agree! I actually wrote a whole series of blog posts on this topic:
Another day of Free Software Week in Brazil. Today we again have a wonderful program, put together with great dedication and care by the community itself for our community.
If you miss this Wednesday's program, don't worry: there is more tomorrow, Thursday, and on Friday. See the full program at the link at the end.
The activities coming up shortly, on Wednesday the 25th, start at 18:00. The content will be streamed on our Fediverse TV channel: https://fediverse.tv/c/movimentosoftwarelivre/
Save the date: Friday, September 27, at 19:30, to celebrate the 41st anniversary of the GNU Project online with us.
#softwareLivre #codigoaberto #linux
🌐 Link to the full program and more information: https://gralha.cc/ssl-br
Hmm, I wonder if this is actually an issue with tap-to-click not getting disabled when the disable touchpad while typing setting is on in GNOME and/or the StarLite firmware.
I’ve just re-enabled the trackpad but turned off tap to click and I don’t seem to be seeing the problem (and the mouse cursor does disappear while typing, which it did before too).
Hmm… I’ll update the issue and fingers crossed they’ll be able to fix it for tap-to-click too.
Right, disabled the trackpad entirely and I can at least type again.
Thankfully, it’s a tablet (although you can’t use it for programming – at least in Terminal, e.g., with Helix – in tablet mode because the on-screen keyboard in GNOME does not have all the keys you need. e.g., ESC is missing. Kind of a biggie when using a modal editor) so I can use the touch-screen if I need to (not ideal ergonomically when using it docked but goodness it feels good to be able to type again).
Hey everyone...
If you use or have used the #Cosmic install script I created, and install/ed using Development version, then guess what. Alpha 2 is now available to you. Just an FYI. #XeroLinux #FOSS #Linux #OpenSource #ArchLinux
Horizon Zero Dawn Remastered releases October 31 with the PlayStation Overlay https://www.gamingonlinux.com/2024/09/horizon-zero-dawn-remastered-releases-october-31-with-the-playstation-overlay/
A cautious #cybersecurity warrior ensures that all tools and weapons work precisely as needed. #Linux #FreeBSD #OpenSource https://cromwell-intl.com/open-source/bashrc/?s=mc
Chill diorama builder Tiny Glade is out now https://www.gamingonlinux.com/2024/09/chill-diorama-builder-tiny-glade-is-out-now/
I hope, that slowly we will build a great community, which cares about privacy and is interested in Linux, games or other things. It's always hard to start, but my goal is important, to help in adopting privacy. It's important to have at least a bit of it in this modern world. As you can see, we can spot more and more laws wanting to take our last bastion. We can't let it happen. Thank You for following this page! I should try editing less as right now.
Hey #storage geeks.... is there anything like a #Linux GUI interface for #Rsync or #Rclone that will let me feel like I'm using something like DropBox but it's actually syncing to some #S3 compatible storage?
I have published a tutorial on YouTube for installing an #Ubuntu Server VM.
Install a server on your PC.
#Gratis #Free #SiguemeYTeSigo #folloback #FolloMe #Linux #VirtualBox
I have published a tutorial on YouTube for installing the #PostgresQL database server on a virtual machine running #Ubuntu.
#Gratis #Free #SiguemeYTeSigo #folloback #FolloMe #Linux #SQL #BBDD
Who is paying attention to #EvilSocket on X and where's the conversation happening? I'd like to follow whoever's Mastodon is talking about it.
If no one is, then there is a #Linux unauth #RCE being disclosed to openwall on the 30th.
Appears to affect Linux and #BSD with a 9.9 CVSS score.
From reading X thread seems to be not kernel or user space. Assuming protocol implementation?