RCE Vulnerability Discovered in CUPS


CUPS disclosure leaked online. Not my report. The original author is @evilsocket - cups-browsed.md

The following report explains how to exploit this in order to force the service to write user-controlled data to the temporary file and ultimately achieve code execution via a network request. Some time ago the cups-filters maintainers took over maintainership of the foomatic-filters part for CUPS as well, and integrated it cleanly into cups-filters. I'm attaching the exploit code; it uses the ippserver package (https://github.com/h2g2bob/ipp-server), run as exploit.py ATTACKER_EXTERNAL_IP TARGET_IP, and will create the /tmp/I_AM_VULNERABLE file on the target machine when a print job is started:
