https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/ ๐ฟ
nostr:note18amd3aesnrwfl7cltfje3y9q0q2vf6r7cpz6rznf5ynv70al775slegset
Discussion
Removing cupsd on desktops has long been a part of many orgs security policy, and servers shouldn't have it installed in the first place.
Having packages installed that aren't being actively used is a big attack surface, as this exploit shows.
Ppl use Linux instead of RTOS for all kinds of things they shouldn't.
Man will use a full stack Linux distribution with a raspberry pi to turn on and off a light instead of going to therapy.
Don't you need cups installed to print? Even apple has it running
Man will use software that talks to a cloud server or a system in China, over the internet, instead of pressing a button to turn on and off a light instead of going to therapy.
Every time us-east-1 goes tits up half the US households go dark.
cupsd + some random closed firmware for printer compatibility all exposed on misconfigured avahi is the real man full stack to do bitcoin signs ๐
I tested my nostr:npub126ntw5mnermmj0znhjhgdk8lh2af72sm8qfzq48umdlnhaj9kuns3le9ll node and it is not vulnerable. You may get different results with different services installed
