Re: CUPS vulnerability (CVE2024-47176 and related ones)
Hi,
On Fri, Sep 27, 2024 at 03:21:21PM +0200, Ralph Aichinger wrote:
> oh well, the sensationalism around this is probably overdone
> nevertheless.
As far as I understand it, you would need cups-browsed running on an
unfirewalled host in which case an attacker could create a bogus printer
that executed something as the "lp" user next time a user did a print
job.
The reporter asked for a score of 9.9 and made a lot of noise about it,
and has since got upset that people asked for a reality check on that.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Reply to: