Critical Unauthenticated RCE Flaw Impacts All GNU/Linux Systems

'"Looks like there's a storm brewing, and it's not good news," writes ancient Slashdot reader jd. "Whether or not the bugs are classically security defects or not, this is extremely bad PR for the Linux and Open Source community. It's not clear from the article whether this affects other Open Source projects, such as FreeBSD."

From a report: A critical unauthenticated Remote Code Execution (RCE) vulnerability has been discovered, impacting all GNU/Linux systems. As per agreements with developers, the flaw, which has existed for over a decade, will be fully disclosed in less than two weeks. Despite the severity of the issue, no Common Vulnerabilities and Exposures (CVE) identifiers have been assigned yet, although experts suggest there should be at least three to six. Leading Linux distributors such as Canonical and RedHat have confirmed the flaw's severity, rating it 9.9 out of 10. This indicates the potential for catastrophic damage if exploited. However, despite this acknowledgment, no working fix is still available. Developers remain embroiled in debates over whether some aspects of the vulnerability impact security.'

-- source: https://it.slashdot.org/story/24/09/25/2150210

Cheers, Peter

Does anyone have more information about this vulnerability?

Cheers, Ben

On Thu, 26 Sep 2024 15:46:13 +1200, Peter Reutemann quoted:
'A critical unauthenticated Remote Code Execution (RCE) vulnerability has been discovered, impacting all GNU/Linux systems.'
It’s a bug in cups-browsed. Details have appeared all over the place, I found a copy here <https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1>.

Summary: cups-browsed is listening on UDP port 631 for notifications of new printers appearing on the network; it blindly trusts the information it receives, leading to the code execution vulnerability.

If you run CUPS, but don’t need the ability to dynamically discover printers, just get rid of this service for now:

systemctl disable --now cups-browsed.service

I wrote:
If you run CUPS, but don’t need the ability to dynamically discover printers, just get rid of this service for now:
systemctl disable --now cups-browsed.service
You can check before and after with

ss -nlu sport = 631

That should show one listening socket entry if cups-browsed is running, none if it is not.
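An added example, not part of the thread: a small shell filter that reads the output of the `ss` check above and reports, for each UDP socket on port 631, whether it is bound to loopback only or to an address reachable from the network. The sample lines are constructed, and the assumed column layout (State, Recv-Q, Send-Q, Local, Peer, optional Process, with an optional leading Netid) is stated in the comments.

```shell
#!/bin/sh
# Added example: classify UDP port 631 listeners from `ss -H -nlu[p]` output.
# Assumed line layout: [Netid] State Recv-Q Send-Q Local:Port Peer:Port [Process]

classify_udp631() {
    # Reads ss lines on stdin; prints "<verdict> <bind-address> <process>".
    while read -r f1 f2 f3 f4 f5 rest; do
        proc="unknown"
        # A leading Netid column shifts the local address one field right.
        if [ "$f1" = "udp" ]; then laddr=$f5; else laddr=$f4; fi
        case "$laddr" in
            *:631) addr=${laddr%:631} ;;
            *)     continue ;;              # not bound to port 631
        esac
        # With `ss -p`: users:(("cups-browsed",pid=812,fd=7)) -> cups-browsed
        case "$rest" in
            *'users:(("'*) proc=${rest#*'(("'}; proc=${proc%%'"'*} ;;
        esac
        case "$addr" in
            127.*|"[::1]"|::1) verdict="loopback-only" ;;
            *)                 verdict="network-reachable" ;;
        esac
        echo "$verdict $addr $proc"
    done
}

udp631_exposed() {
    # Exit status 0 if any port 631 socket accepts datagrams from the network.
    classify_udp631 | grep -q '^network-reachable '
}

# Constructed sample input (not captured from a real host).
SAMPLE='UNCONN 0 0 0.0.0.0:631 0.0.0.0:* users:(("cups-browsed",pid=812,fd=7))
UNCONN 0 0 127.0.0.1:631 0.0.0.0:*
UNCONN 0 0 [::]:631 [::]:*'

printf '%s\n' "$SAMPLE" | classify_udp631
```

On a live system, pipe `ss -H -nlu sport = 631` into `classify_udp631`; add `-p` as root to get the owning process name.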

On 27/09/24 12:10, Lawrence D'Oliveiro wrote:
On Thu, 26 Sep 2024 15:46:13 +1200, Peter Reutemann quoted:
'A critical unauthenticated Remote Code Execution (RCE) vulnerability has been discovered, impacting all GNU/Linux systems.'
It’s a bug in cups-browsed. Details have appeared all over the place, I found a copy here <https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1>.
Summary: cups-browsed is listening on UDP port 631 for notifications of new printers appearing on the network; it blindly trusts the information it receives, leading to the code execution vulnerability.
That explains the cups updates this morning...
https://www.omgubuntu.co.uk/2024/09/ubuntu-secuity-fix-cups-vulnerability

Cheers, Peter

--
Peter Reutemann
Dept. of Computer Science
University of Waikato, Hamilton, NZ
Mobile +64 22 190 2375
https://profiles.waikato.ac.nz/peter.reutemann
http://www.data-mining.co.nz/