Re: CUPS vulnerability (CVE2024-47176 and related ones)

To: debian-user@lists.debian.org
Subject: Re: CUPS vulnerability (CVE2024-47176 and related ones)
From: Andy Smith <andy@strugglers.net>
Date: Fri, 27 Sep 2024 13:51:10 +0000
Message-id: <[🔎] Zva4Tt327b0ypYjd@mail.bitfolk.com>
In-reply-to: <[🔎] ZvaxUbhyPm5jpGws@pi.h5.or.at>
References: <[🔎] ZvajctFCLYyFI--2@pi.h5.or.at> <ZvawFweB4E/DV0Rf@mail.bitfolk.com> <[🔎] ZvaxUbhyPm5jpGws@pi.h5.or.at>

Hi,

On Fri, Sep 27, 2024 at 03:21:21PM +0200, Ralph Aichinger wrote:
> oh well, the sensationalism around this is probably overdone
> nevertheless.

As far as I understand it, you would need cups-browsed running on an
unfirewalled host in which case an attacker could create a bogus printer
that executed something as the "lp" user next time a user did a print
job.

The reporter asked for a score of 9.9 and made a lot of noise about it,
and has since got upset that people asked for a reality check on that.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Reply to:

References:
- CUPS vulnerability (CVE2024-47176 and related ones)
  - From: Ralph Aichinger <ra@h5.or.at>
- Re: CUPS vulnerability (CVE2024-47176 and related ones)
  - From: Andy Smith <andy@strugglers.net>
- Re: CUPS vulnerability (CVE2024-47176 and related ones)
  - From: Ralph Aichinger <ra@h5.or.at>

Prev by Date: Re: CUPS vulnerability (CVE2024-47176 and related ones)
Next by Date: Change file picker in browsers
Previous by thread: Re: CUPS vulnerability (CVE2024-47176 and related ones)
Next by thread: Change file picker in browsers
Index(es):
- Date
- Thread