Linux

6052 readers

210 users here now

A community for everything relating to the GNU/Linux operating system

Also check out:

Original icon base courtesy of [email protected] and The GIMP

founded 2 years ago

MODERATORS

Ategon

anzo

dwraf_of_ignorance

Critical Unauthenticated RCE Flaws in CUPS Printing Systems (blog.qualys.com)

submitted 4 months ago by [email protected] to c/linux

9 comments fedilink hide all child comments

cross-posted from: https://ani.social/post/6217644

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] -1 points 4 months ago (1 children)

Yes.

Its nowhere near the risk that was claimed.

[–] [email protected] 4 points 4 months ago (2 children)

Basically an unauthenticated perl interpreter with root open to the network by default in most configurations across a couple decades.

It's about as bad as it can be?

[–] [email protected] 3 points 4 months ago

Compared to the original claim that it was kernel level and spread across literally everything?

No, no its not as bad as it was originally claimed.

Is it bad? Yes. Is it kernel level bad? No. It can easily be mitigated before a fix is out by blocking 631 and dns-sd traffic. It is not as bad as it was claimed to be.

[–] [email protected] 1 points 4 months ago

Is it common for cups to run as root? It should have its own user, but that is still not good.