Regarding the Linux RCE thing doing the rounds from Twitter: https://cyberplace.social/@GossiTheDog/113194080852739654
-
Kevin Beaumont replied to Kevin Beaumont
Regarding the "unspecified Linux vulnerability" that the author has been "hyping the shit out of" (their words) all week -
It's accidentally leaked, due to an unpaid open source maintainer making a boo boo.
It's in CUPS, a printing subsystem. It isn't Linux specific.
CUPS isn't faced much to the internet, I've checked and done a Shodan Safari. It also isn't installed by default on Linux server installs for almost all distros.
It's not a big deal, update packages are dropping, don't panic.
-
Kevin Beaumont replied to Kevin Beaumont
Pouring one out for the unpaid open source maintainers dealing with this stuff for the past few weeks.
I notice the finder tweeting about it (before the announcement window) has turned off the ability to reply to their tweets.
-
Kevin Beaumont replied to Kevin Beaumont
Re the “Linux RCE” story, I’d like to point the press breathlessly covering this to one minor (sarcasm) detail for exploitation: “A potential victim attempts to print from the malicious device”
My thoughts on how this has played out: https://www.linkedin.com/posts/kevin-beaumont-security_open-source-has-many-unpaid-volunteers-who-activity-7245168546840793088-3N7A?utm_source=share&utm_medium=member_ios
-
Lesley Carhart :unverified: replied to Kevin Beaumont
@GossiTheDog I last printed successfully from Linux in 1998. YMMV.
-
pootriarch ⏚ :witches_town: replied to Lesley Carhart :unverified:
@hacks4pancakes @catsalad @GossiTheDog please consider the environment before printing this exploit