Linux

5240 readers

152 users here now

A community for everything relating to the linux operating system

Also check out [email protected]

Original icon base courtesy of [email protected] and The GIMP

founded 1 year ago

MODERATORS

[email protected]

Critical Unauthenticated RCE Flaws in CUPS Printing Systems (blog.qualys.com)

submitted 1 month ago by [email protected] to c/[email protected]

9 comments fedilink hide all child comments

cross-posted from: https://ani.social/post/6217644

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 4 points 1 month ago (2 children)

Basically an unauthenticated perl interpreter with root open to the network by default in most configurations across a couple decades.

It's about as bad as it can be?

[–] [email protected] 3 points 1 month ago

Compared to the original claim that it was kernel level and spread across literally everything?

No, no its not as bad as it was originally claimed.

Is it bad? Yes. Is it kernel level bad? No. It can easily be mitigated before a fix is out by blocking 631 and dns-sd traffic. It is not as bad as it was claimed to be.

[–] [email protected] 1 points 1 month ago

Is it common for cups to run as root? It should have its own user, but that is still not good.