Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure

The service provides the entry point, so in a nutshell, yes - no service, no entry point.

But wait, is it possible the service is called something else on arch?
i have cupsd listening on TCP port 631.

tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      780/cupsd           
tcp6       0      0 ::1:631                 :::*                    LISTEN      780/cupsd          

I see in the bug description that UDP port 631 is vulnerable, but am curious if this bug can be triggered over TCP too, and if cupsd is also affected.

The name of the service is cups-remoted on Arch. It seems to be an package that is not installed by default. Remove it or disable it and that’s it, as I understand it.

1 Like

Personally, as long as you don’t actually use CUPS, I’d go with evilsocket’s suggestion of completely removing anything CUPS related from the system.

From reading the entirety of his write-up, the code-base really does look awful…

should this thread be merged with this one?

1 Like

If you need to print something and you’re on Linux, this is the only way. Until an alternative is developed, this is sadly the only way we can still print things on Linux. Frankly, just removing the entry point and you should be fine.

i have a network printer and need a printing service enabled.

then control the port. turn it off when you are not printing and turn it on when you are.

That service isn’t required for using a network printer. You can manually add a printer, you don’t have to use browsed.

I have a network printer and don’t even have it installed.

1 Like

At this point, let’s move the discussion to this topic to keep the solutions in one place:

3 Likes