top | item 41662589

(no title)

bshipp | 1 year ago

How does an attacker exploit this vulnerability?

  - An attacker can exploit this vulnerability if it can connect to the host via UDP port 631, which is by default bound to INADDR_ANY, in which case the attack can be entirely remote, or if it's on the same network of the target, by using mDNS advertisements.

What does an attacker gain by exploiting this vulnerability?

  - Remote execution of arbitrary commands when a print job is sent to the system printer.

How was the vulnerability discovered?

  - A lot of curiosity (when I noticed the \*:631 UDP bind I was like "wtf is this?!" and went down a rabbit hole ...) and good old source code auditing.

Is this vulnerability publicly known?

  - No, the bugs are not known and the FoomaticRIPCommandLine vulnerability is known to be already patched (it isn't).

Is there evidence that this vulnerability is being actively exploited?

  - Not to the best of my knowledge.

discuss

No comments yet.