this post was submitted on 27 Sep 2024
42 points (100.0% liked)

Linux

5362 readers
116 users here now

A community for everything relating to the linux operating system

Also check out !linux_memes@programming.dev

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 1 year ago
MODERATORS
 

cross-posted from: https://ani.social/post/6217644

you are viewing a single comment's thread
view the rest of the comments
[–] mox@lemmy.sdf.org 1 points 1 month ago

Based on this...

Exploitation involves sending a malicious UDP packet to port 631 on the target, directing it to an attacker-controlled IPP server. The system’s cups-browsed service then connects back, fetching printer attributes, which include malicious PPD directives. When a print job starts, these directives execute, allowing the attacker’s code to run on the target system.

...it seems the exploit can be triggered either remotely through your CUPS instance listening on port 631, or locally by interacting with a malicious/compromised print server.

So if I understand correctly, shutting down that port wouldn't be enough by itself. You would also have to keep your system from initiating contact with such a server, such as by using a public printer, or conceivably even just browsing printers at a cafe/business/school. I haven't read the exploit details, so I don't know which interactions are safe, if any.