[image] Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full... Stay up to date with the latest news on a critical Linux vulnerability. Learn about its severity, impact, and ongoing efforts to find a fix.

https://forum.endeavouros.com/faq#be-civil Let’s try to keep the discussion focused on the vulnerability. It’s fine to post links to relevant videos and share your opinions on the content, but please make an effort to keep the politics out of it.

systemctl status cups-browsed If for any reason you have cups-browsed enabled, disable it now.

In light of the fact that this is an interesting and still-developing topic, and the first part of the disclosure was just published, I have agreed to reopen the discussion. Please be aware that pointless political bickering is prohibited. Politics have proven time and time again to be way too pola…

Unit cups-browsed.service could not be found. :partying_face:

For anyone interested, you can find the disclosure write-up (quite humorous, may I note) here: [image] Attacking UNIX Systems via CUPS, Part I Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with ta…

Red Hat’s repsonse is here: [image] Red Hat’s response to OpenPrinting CUPS vulnerabilities: CVE-2024-47076,... An overview and mitigation information for the vulnerabilities affecting OpenPrinting CUPS.

is this all there is to it? if this service is not enabled, the whole vulnerability is gone?

The service provides the entry point, so in a nutshell, yes - no service, no entry point.

But wait, is it possible the service is called something else on arch? i have cupsd listening on TCP port 631. tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 780/cupsd tcp6 0 0 ::1:631 :::* LISTEN 780/cu…

The name of the service is cups-remoted on Arch. It seems to be an package that is not installed by default. Remove it or disable it and that’s it, as I understand it.

Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure

Lounge Linux lounge

thefrog September 27, 2024, 1:36pm 28

should this thread be merged with this one?