MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
cups
Recherche

Remote exploit of CUPS

jeudi 26 septembre 2024, 23:22 , par LWN.net
Security researcher Simone Margaritelli

has reported a new vulnerability in

CUPS, the software that many Linux systems use to manage printers and print jobs. Margaritelli describes the impact of the attack by saying:

A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer).

The vulnerability relies on a few related problems in CUPS libraries and utilities; versions before 2.0.1 or 2.1b1 (depending on the component) may be affected.

Red Hat has released a security bulletin as well.
Lire la suite sur LWN.net
https://lwn.net/Articles/991929/

Voir aussi

cups 'Critical' CUPS vulnerability chain easy to use for massive DDoS attacks TheRegister 7 Oct
remote Akamai finds many systems with exposed CUPS vulnerability LWN.net 5 Oct
vulnerability Akamai Warns CUPS-Browsed Vulnerability Also Brings New Threat of DDoS Attacks Slashdot 5 Oct
exploit Akamai Warns CUPS Vulnerability Also Brings New Threat of DDoS Attacks Slashdot 5 Oct
print Attackers Exploit Critical Zimbra Vulnerability Using CC'd Email Addresses Slashdot 3 Oct
margaritelli 700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking TheRegister 2 Oct
computer Mazda's $10 Subscription For Remote Start Sparks Backlash After Killing Open Source Option Slashdot30 Sep
security Remote ID verification tech is often biased, bungling, and no good on its own TheRegister30 Sep
cups HP’s new remote support service can even resurrect unbootable PCs ComputerWorld27 Sep
remote That doomsday critical Linux bug: It's CUPS. Could lead to remote hijacking of devices TheRegister26 Sep
vulnerability That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices TheRegister26 Sep
exploit Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town TheRegister23 Sep
print Citrix adds remote Mac support, but some customers are grumpy TheRegister20 Sep
margaritelli VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation TheRegister17 Sep
computer Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing TheRegister12 Sep
security Remote access tools leave OT systems at risk of attack BetaNews10 Sep
cups Remote Indigenous tribe kills encroaching loggers in Amazon BoingBoing 9 Sep
remote Zoom profits up despite CEO's doubts about remote working TheRegister22 Aug
vulnerability Download our remote IT support tools enterprise buyer’s guide ComputerWorld22 Aug
exploit Time to update Chrome (again) to patch another zero-day exploit PC World22 Aug
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
ven. 15 nov. - 23:35 CET