[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CUPS vulnerability (CVE2024-47176 and related ones)



Hi,

On Fri, Sep 27, 2024 at 03:21:21PM +0200, Ralph Aichinger wrote:
> oh well, the sensationalism around this is probably overdone
> nevertheless.

As far as I understand it, you would need cups-browsed running on an
unfirewalled host in which case an attacker could create a bogus printer
that executed something as the "lp" user next time a user did a print
job.

The reporter asked for a score of 9.9 and made a lot of noise about it,
and has since got upset that people asked for a reality check on that.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting


Reply to: