Cybersecurity

5446 readers

30 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices (www.theregister.com)

submitted 2 days ago by floofloof@lemmy.ca to c/cybersecurity@sh.itjust.works

6 comments fedilink hide all child comments

top 6 comments

sorted by: hot top controversial new old

[–] seaQueue@lemmy.world 12 points 1 day ago* (last edited 1 day ago)

If you have CUPS exposed to the public Internet you have much bigger problems than a new CUPS vulnerability. For all of the hype this exploit received over the last week it's the biggest nothing burger I've seen all year.

[–] Telorand@reddthat.com 21 points 2 days ago (2 children)

To exploit this across the internet or LAN, a miscreant needs to reach your CUPS service on UDP port 631. Hopefully none of you have that facing the public internet. The miscreant also has to wait for you to start a print job.

If port 631 isn't directly reachable, an attacker may be able to spoof zeroconf, mDNS, or DNS-SD advertisements to achieve exploitation on a LAN. Details of that path will be disclosed later, we're promised.

So don't expose 631 to the internet (why would you?) and know who's on your network. Be careful printing things on an untrusted network.

It's serious, but seems like a wonky attack vector for most.

[–] kylian0087@lemmy.dbzer0.com 3 points 16 hours ago

And to add to that most of the time CUPS is only exposed to local host by default.

[–] schizo@forum.uncomfortable.business 11 points 2 days ago (1 children)

It’s serious, but seems like a wonky attack vector for most.

Yeah, it's super trivially exploited, BUT it requires you to do a series of dumb things or let an attacker have access to your LAN which is one of those you-have-bigger-problems moments anyways.

And then you have to use their added printer (though there's an exploit path that may be usable to over-write the printer you already have configured, if the attacker knows what that might be) to print something before anything happens.

Dude who found it seems to have overhyped it just a little bit (while being a huge dick about it), but I could see how you might exploit this in certain circumstances.

[–] atzanteol@sh.itjust.works 12 points 2 days ago (1 children)

This could be an issue on like a college campus or something. Under those circumstances one should definitely be running a host-based firewall though.

[–] schizo@forum.uncomfortable.business 2 points 2 days ago

Yeah, and at that point your network should be enforcing client isolation too, which is also a mitigation for this specific issue in large, shared networks like a college campus, or office, or public Wi-Fi at wherever.