Warning:
!!!! Huge Critical Linux Vulnerability !!!!!
Remote code execution.
Key Points:
A critical, unauthenticated Remote Code Execution (RCE) vulnerability in GNU/Linux systems, rated 9.9, is about to be disclosed. [2]
The flaw has been known for over a decade but was disclosed to developers only three weeks ago by bug hunter Simone Margaritelli.
Margaritelli's upcoming write-up will include a proof-of-concept exploit and technical details.
While the bug has no CVE assigned yet, it is expected to need at least three and ideally six CVEs.
Canonical and RedHat have confirmed the severity of the issue, but there's no fix yet.
Entry Points from Simone Margaritelli:
WAN / public internet: a remote attacker sends an UDP packet to port 631. No authentication whatsoever.
LAN: a local attacker can spoof zeroconf / mDNS / DNS-SD advertisements [1]
Sources:
[1] https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
https://www.phoronix.com/news/Linux-CVSS-9.9-Rating
https://www.redhat.com/en/blog/red-hat-response-openprinting-cups-vulnerabilities
Exploitation requires user interaction - attempting to print to a fake printer.
Devs assume only an idiot would do that.
Maybe, but the world is filled with highly credentialled idiots. Every university is vulnerable to this. Every hospital and big law firm, too.
I assume only someone from the last century would do that.
