Hello,
The security vulnerability in the topic has been reported recently:
—
https://security-tracker.debian.org/tra ... 2024-47176
https://bugs.debian.org/cgi-bin/bugrepo ... ug=1082820
The security vulnerability in the topic has been reported recently:
At the time of writing this post, a fix is available for Debian Unstable via a package upgrade.| CUPS is a standards-based, open-source printing system, and `cups-
| browsed` contains network printing functionality including, but not
| limited to, auto-discovering print services and shared printers.
| `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any
| packet from any source, and can cause the `Get-Printer-Attributes`
| IPP request to an attacker controlled URL. Due to the service
| binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed`
| can be exploited in sequence to introduce a malicious printer to the
| system. This chain of exploits ultimately enables an attacker to
| execute arbitrary commands remotely on the target machine without
| authentication when a print job is started. This poses a significant
| security risk over the network. Notably, this vulnerability is
| particularly concerning as it can be exploited from the public
| internet, potentially exposing a vast number of systems to remote
| attacks if their CUPS services are enabled.
—
https://security-tracker.debian.org/tra ... 2024-47176
https://bugs.debian.org/cgi-bin/bugrepo ... ug=1082820
Statistics: Posted by Aki — 2024-09-28 12:05 — Replies 2 — Views 126