Lionel Debroux, 26/09/2024 at 22:04
Attacking UNIX Systems via CUPS, Part I (evilsocket)
Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s


Remediation

Disable and remove the cups-browsed service if you don’t need it (and probably you don’t).
Update the CUPS package on your systems.
In case your system can’t be updated and for some reason you rely on this service, block all traffic to UDP port 631 and possibly all DNS-SD traffic (good luck if you use zeroconf).

Entirely personal recommendation, take it or leave it: I’ve seen and attacked enough of this codebase to remove any CUPS service, binary and library from any of my systems and never again use a UNIX system to print. I’m also removing every zeroconf / avahi / bonjour listener. You might consider doing the same.
Not bad :)

And the tweet preceding the one that contains the link above, namely https://xcancel.com/evilsocket/status/1839394449346154690 , contains "For the record: this is a coordinated disclosure because CERT's VINCE had a leak."

EDIT: formatting and addition of a broader quote.
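A way to check a host against the quoted remediation steps, added here as an example (it is not part of the post or of the quoted write-up): it reports the state of the cups-browsed unit and classifies any UDP port 631 listener as loopback-only or exposed. The function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Reads `ss -H -uln` output on stdin and prints one line per UDP 631 listener:
# "EXPOSED <addr>" for a non-loopback bind, "LOCAL <addr>" for loopback-only.
classify_udp631() {
    awk '{
        for (i = 1; i <= NF; i++) {
            # The first field ending in :631 is the local address column.
            if ($i ~ /:631$/) {
                addr = $i
                sub(/:631$/, "", addr)
                if (addr ~ /^127\./ || addr ~ /^\[::1\]/) print "LOCAL " addr
                else print "EXPOSED " addr
                break
            }
        }
    }'
}

# Constructed sample of `ss -H -uln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.1:631 0.0.0.0:*
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
UNCONN 0 0 [::]:6310 [::]:*
EOF
}

# Live check on a systemd host: unit state first, then UDP 631 listeners.
audit_live() {
    for verb in is-enabled is-active; do
        state=$(systemctl "$verb" cups-browsed 2>/dev/null || true)
        printf 'cups-browsed %s: %s\n' "$verb" "${state:-unknown}"
    done
    ss -H -uln | classify_udp631
}

# Run the live check only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--live" ]; then
    audit_live
fi
```

An `EXPOSED` line on a host where cups-browsed cannot be removed or updated is the case the quoted advice addresses by blocking traffic to UDP port 631.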