Path: ...!news.roellig-ltd.de!news.mb-net.net!open-news-network.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: -hh <recscuba_google@huntzinger.com>
Newsgroups: comp.os.linux.advocacy
Subject: Re: 9.9/10 security vulnerability affecting Linux (and others) set to be revealed on October 6th
Date: Fri, 27 Sep 2024 13:05:59 -0400
Organization: A noiseless patient Spider
Lines: 235
Message-ID: <vd6oln$nlc8$3@dont-email.me>
References: <2O1JO.214184$FzW1.145017@fx14.iad> <vd2mdm$1ue8$1@dont-email.me> <alcJO.194436$kxD8.182014@fx11.iad> <vd5bkk$jdi1$1@dont-email.me> <cJxJO.172505$1m96.122070@fx15.iad>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 27 Sep 2024 19:05:59 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="847d01ba9e0c452dfcb9045efda32f65"; logging-data="775560"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+PyZxhZvnAilttlc8tc7luiGJ5KqZDw5A="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:X/NFpAgiTIDIHMWEKaWkmDFdx84=
Content-Language: en-US
In-Reply-To: <cJxJO.172505$1m96.122070@fx15.iad>
Bytes: 11375

On 9/27/24 8:40 AM, CrudeSausage wrote:
> On 2024-09-27 12:17 a.m., RonB wrote:
>> On 2024-09-26, CrudeSausage <crude@sausa.ge> wrote:
>>> On 2024-09-26 12:03 a.m., RonB wrote:
>>>> On 2024-09-26, CrudeSausage <crude@sausa.ge> wrote:
>>>>> Worse than Heartbleed, Meltdown or Spectre. According to a GitHub
>>>>> developer:
>>>>>
>>>>> "From a generic security point of view, a whole Linux system as it is
>>>>> nowadays is just an endless and hopeless mess of security holes waiting
>>>>> to be exploited." (kind of like Chris Ahlstrom's body)
>>>>>
>>>>> <https://cybersecuritynews.com/critical-unauthenticated-rce-flaw/>
>>>>
>>>> Yet another "catastrophic" Linux security threat that will be fixed
>>>> within days.
>>>
>>> They're working on it and so far coming up with no way of fixing it. I
>>> wouldn't be surprised if there is no solution by October 6th. If that is
>>> the case, you just know that bad actors will be attacking Linux
>>> relentlessly from October 7th on. This looks like the real deal. 9.9/10
>>> is pretty serious when you consider that the aforementioned issues were
>>> rated between 5 and 7 on 10.
>>>
>>>> You realize that Cyber Security News makes their case for existence by
>>>> hyperventilating about potential "catastrophic" security threats,
>>>> right?
>>>
>>> Perhaps, but the developers on GitHub have been freaking out as well to
>>> a point that Lunduke felt it necessary to bring this problem to light.
>>> Those developers are usually arrogant about their ability to fix such
>>> issues, not this time.
>>
>> Interestingly enough, since this works through the CUPS system on
>> Unix-based machines, this also affects MacOS. Odd Cyber Security News
>> didn't mention that little factlet.
>>
>> Summary
>>
>> The first of a series of blog posts has been published detailing a
>> vulnerability in the Common Unix Printing System (CUPS), which
>> purportedly allows attackers to gain remote access to UNIX-based
>> systems. The vulnerability, which affects various UNIX-based operating
>> systems, can be exploited by sending a specially crafted HTTP request to
>> the CUPS service.
>>
>> Threat Topography
>>
>> Threat Type: Remote code execution vulnerability in CUPS service
>> Industries Impacted: UNIX-based systems across various industries,
>> including but not limited to, finance, healthcare, and government
>> Geolocation: Global, with potential impact on UNIX-based systems worldwide
>> Environment Impact: High severity, allowing attackers to gain remote
>> access and execute arbitrary code on vulnerable systems
>>
>> Overview
>>
>> X-Force Incident Command is monitoring what claims to be the first in a
>> series of blog posts from security researcher, Simone Margaritelli,
>> detailing a vulnerability in the Common Unix Printing System (CUPS),
>> which purportedly can be exploited by sending a specially crafted HTTP
>> request to the CUPS service. The vulnerability affects various UNIX-based
>> operating systems, including but not limited to, Linux and macOS. The
>> vulnerability can be exploited to gain remote access to affected systems,
>> allowing attackers to execute arbitrary code and potentially gain
>> elevated privileges. X-Force is investigating the disclosure and
>> monitoring for exploitation. We will continue to monitor this situation
>> and provide updates as available.
>>
>> Key Findings
>>
>> The vulnerability affects various UNIX-based operating systems,
>> including but not limited to, Linux and macOS
>> All versions of Red Hat Enterprise Linux (RHEL) are affected, but are
>> not vulnerable in their default configurations.
>> The vulnerability can be exploited by sending a specially crafted HTTP
>> request to the CUPS service
>> The vulnerability allows attackers to gain remote access to affected
>> systems and execute arbitrary code
>> The vulnerability has been identified as high severity, with potential
>> for significant impact on affected organizations
>>
>> Mitigations/Recommendations
>>
>> Disable the CUPS service or restrict access to the CUPS web interface
>> In case your system can’t be updated and you rely on this service,
>> block all traffic to UDP port 631 and possibly all DNS-SD traffic
>> (does not apply to zeroconf)
>> Implement additional security measures, such as network segmentation
>> and access controls, to limit the spread of the vulnerability
>> Conduct thorough vulnerability assessments and penetration testing to
>> identify and remediate any other potential vulnerabilities
>> Implement robust incident response and disaster recovery plans to
>> mitigate the impact of a potential breach
>>
>> https://securityintelligence.com/news/fysa-critical-rce-flaw-in-gnu-linux-systems/
>>
>> And this...
>>
>> That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking
>> of devices
>>
>> No patches yet, can be mitigated, requires user interaction
>> Thu 26 Sep 2024 // 17:34 UTC
>> Final update After days of anticipation, what was billed as one or more
>> critical unauthenticated remote-code execution vulnerabilities in all
>> Linux systems was today finally revealed.
>>
>> In short, if you're running the Unix printing system CUPS, with
>> cups-browsed present and enabled, you may be vulnerable to attacks that
>> could lead to your computer being commandeered over the network or
>> internet. The attacks require the victim to start a print job. Do not be
>> afraid.
>>
>> The bugs were found and privately reported by software developer Simone
>> Margaritelli who has now openly disclosed the security weaknesses in
>> detail here. This write-up is said to be part one of two or maybe three,
>> so expect more info at some point.
>>
>> He went public today at 2000 UTC after seemingly becoming frustrated with
>> the handling of his vulnerability reports by CUPS developers. No patches
>> are available yet. Public disclosure was previously expected to be no
>> later than September 30.
>>
>> What you need to know for now, according to Margaritelli, is:
>> Disable and/or remove the cups-browsed service.
>>
>> Update your CUPS installation to bring in security updates if or when
>> available.
>>
>> Block access to UDP port 631 and consider blocking off DNS-SD, too.
>>
>> It affects "most" Linux distros, "some" BSDs, possibly Google ChromeOS,
>> Oracle's Solaris, and potentially others, as CUPS is bundled with
>> various distributions to provide printing functionality.
>>
>> To exploit this across the internet or LAN, a miscreant needs to reach
>> your CUPS service on UDP port 631. Hopefully none of you have that
>> facing the public internet. The miscreant also has to wait for you to
>> start a print job.
>>
>> If port 631 isn't directly reachable, an attacker may be able to spoof
>> zeroconf, mDNS, or DNS-SD advertisements to achieve exploitation.

========== REMAINDER OF ARTICLE TRUNCATED ==========
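The mitigation steps quoted in the thread (disable cups-browsed, block UDP 631 and possibly DNS-SD, update CUPS when fixes ship) are easy to check and apply from a shell. The script below is an added example for this thread; it is not code from any post, from the quoted articles, or from the CUPS project. It assumes a systemd-based Linux host with iptables and iproute2's `ss`, and the `ss` output it parses offline is constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added example (not from the thread or the CUPS project): audit a host against
# the quoted cups-browsed mitigations and print the matching commands.
# Assumptions: systemd-based Linux, iptables, iproute2 `ss`; sample output is constructed.

# udp631_exposed: read `ss -ulnp`-style text on stdin and succeed (exit 0)
# only if UDP port 631 is bound to a non-loopback address.
udp631_exposed() {
    awk '
        $1 == "UNCONN" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /:631$/) {
                    host = substr($i, 1, length($i) - 4)   # drop the ":631" suffix
                    if (host != "127.0.0.1" && host != "[::1]") found = 1
                }
            }
        }
        END { exit found ? 0 : 1 }
    '
}

# mitigation_commands: print (do not run) the steps the quoted advice lists.
mitigation_commands() {
    cat <<'EOF'
systemctl disable --now cups-browsed              # stop the browser daemon and keep it off
iptables -I INPUT -p udp --dport 631 -j DROP      # block the UDP port cups-browsed listens on
iptables -I INPUT -p udp --dport 5353 -j DROP     # mDNS, the transport DNS-SD uses (optional)
apt-get install --only-upgrade cups cups-browsed  # Debian/Ubuntu; use your own package manager elsewhere
EOF
}

# audit: run the live checks where the tools exist, then advise.
audit() {
    if command -v systemctl >/dev/null 2>&1; then
        state=$(systemctl is-enabled cups-browsed 2>/dev/null || echo "not installed")
        echo "cups-browsed unit state: $state"
    fi
    if command -v ss >/dev/null 2>&1; then
        if ss -ulnp 2>/dev/null | udp631_exposed; then
            echo "UDP 631 is bound on a non-loopback address; suggested mitigations:"
            mitigation_commands
        else
            echo "UDP 631 is not bound on a non-loopback address"
        fi
    fi
}

# Constructed samples in the shape `ss -ulnp` prints (not captured from a real host).
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0            0.0.0.0:631       0.0.0.0:*     users:(("cups-browsed",pid=812,fd=7))'
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0          127.0.0.1:631       0.0.0.0:*     users:(("cupsd",pid=801,fd=9))'

# Offline demonstration on the constructed samples; pass --live to audit this host.
if [ "${1:-}" = "--live" ]; then
    audit
else
    printf '%s\n' "$SAMPLE_EXPOSED"  | udp631_exposed && echo "sample 1: exposed (cups-browsed on 0.0.0.0:631)"
    printf '%s\n' "$SAMPLE_LOOPBACK" | udp631_exposed || echo "sample 2: loopback only, not exposed"
fi
```

Run it with `--live` on a host to see the unit state and listener check; without arguments it only evaluates the two constructed samples. The port 5353 rule is listed as optional because blocking mDNS also disables legitimate printer and service discovery on the LAN.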