DaemonForums  

#1
26th September 2024
jmccue
Real Name: John McCue
Package Pilot

Join Date: Aug 2012
Location: here
Posts: 196
Linux - mystery critical RCE

Seems someone found a very critical Remote Code Execution vulnerability in Linux. It is yet to be disclosed.

https://securityonline.info/severe-u...ll-disclosure/
__________________
[t]csh(1) - "An elegant shell, for a more... civilized age."
- Paraphrasing Star Wars (tvtropes.org)
#2
26th September 2024
Head_on_a_Stick
Real Name: Matthew
The Deliverator

Join Date: Dec 2015
Location: London
Posts: 489

9.9 severity?
__________________
Everything for everyone, nothing for ourselves
#3
27th September 2024
shep
Real Name: Scott
Arp Constable

Join Date: May 2008
Location: Dry and Dusty
Posts: 1,549

I'm guessing it is the cups-browsed CVE. I started a new thread with a link to the Red Hat CVE announcement.
https://daemonforums.org/showthread.php?t=12647
#4
7th October 2024
blackhole
VPN Cryptographer

Join Date: Mar 2014
Posts: 339

https://www.evilsocket.net/2024/09/2...a-CUPS-Part-I/
Quote:
After some googling I found out that cups-browsed is indeed part of the CUPS system and it is responsible for discovering new printers and automatically adding them to the system. Very interesting, I had no idea Linux just added anything found on a network before the user can even accept or be notified.

In my view, this is more than half the problem: "auto-configuration".

There was a time when it was convenient for a Windows OS to automatically execute an "autorun" file on optical media......

It's the security/convenience tradeoff. Big Tech make a lot of noise about security, there is a lot of scaremongering, but in reality security is a product for them. When it comes down to it, history tells the sorry tale of one failing after another.

Recently on a Debian system, I had to fight with CUPS / IPP installing an auto-configured printer, instead of allowing me to install it manually via the vendor ppd file, with the driver options I needed. It was treating USB printers the same as IPP printers and just auto-installing...

Eventually I just got rid of avahi and ipp-usb and that put an end to it.
Reply With Quote
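
As an added illustration of the auto-configuration point in post #4 (not part of the thread, and not code from CUPS or the linked article): a shell check of whether a cups-browsed.conf enables discovery of printers announced by other hosts. The function names are hypothetical, the sample config is constructed, and "last matching directive wins" is an assumption about how the file is read.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a cups-browsed.conf
# lets cups-browsed pick up printers announced by other hosts.

# Print the remote-discovery protocols a config file selects, lower-cased.
# BrowseProtocols sets local and remote together; this sketch assumes the
# last matching directive wins and prints "unset" when none is present.
remote_protocols() {
    awk '
        $1 ~ /^#/ { next }                      # skip whole-line comments
        { key = tolower($1) }
        key == "browseremoteprotocols" || key == "browseprotocols" {
            $1 = ""; sub(/^ +/, ""); gsub(/,/, " ")
            val = tolower($0)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Map the setting to a finding. "cups" is the legacy browsing protocol,
# which cups-browsed receives on UDP port 631; "dnssd" relies on Avahi.
discovery_verdict() {
    protos=$(remote_protocols "$1")
    case " $protos " in
        *" cups "*)  echo "legacy-cups-browsing" ;;
        *" dnssd "*) echo "dnssd-only" ;;
        " none ")    echo "disabled" ;;
        " unset ")   echo "unset-check-distro-default" ;;
        *)           echo "unrecognised: $protos" ;;
    esac
}

# Constructed sample config; on a real host pass /etc/cups/cups-browsed.conf
# as the first argument.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from any distribution
BrowseRemoteProtocols dnssd cups
BrowseLocalProtocols none
EOF
echo "sample config: $(discovery_verdict "$sample")"
rm -f "$sample"
if [ -r "${1:-}" ]; then echo "$1: $(discovery_verdict "$1")"; fi
```

A result of "unset-check-distro-default" means the file leaves the choice to the packaged default, so the running service still has to be checked.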
#5
7th October 2024
shep
Real Name: Scott
Arp Constable

Join Date: May 2008
Location: Dry and Dusty
Posts: 1,549

Quote:
Originally Posted by blackhole

Recently on a Debian system, I had to fight with CUPS / IPP installing an auto-configured printer, instead of allowing me to install it manually via the vendor ppd file, with the driver options I needed. It was treating USB printers the same as IPP printers and just auto-installing...

Eventually I just got rid of avahi and ipp-usb and that put an end to it.

Another option is that Debian provides the BSD lpr print system.

https://packages.debian.org/trixie/lpr

Outside of changing the path to any filter you're using, in the past my BSD configuration files have exported over into Debian easily. When I get time I plan on migrating my latest Debian system to lpr.