Jump in the discussion.

No email address required.

Fricking printers, yet again. Fun fact, Stuxnet even used exploits in Windows' print spooler.

!fosstards

You know windows, even modern windows printers are based on 3 vb files?

:marseytearsofblo#od:

Frick printers

https://media.tenor.com/pk6LOwBSxi8AAAAx/break-break-the-printer.webp


:!marseybooba:

https://i.rdrama.net/images/17274161857135231.webp

https://media.tenor.com/tI07cPfXb8gAAAAx/that-was-it-ian.webp

How am I supposed to gloat about how much better mac chan is with this nothingburger

You can RCE with a UDP packet, and it's pretty easy to do... and it's not just Linux

The exploit was sold as affecting every Linux computer. I was thinking like complete own of the network stack dating back to 2.6.

If you're not printing...just disable CUPS? If you are printing...don't put it on the internet and keep untrusted devices off the network.

I mean, it'll be fun to pwn network printers now though lol

Send them hundreds and hundreds of pages of solid black printouts

:#marseytypinglaugh:

@weev didn't you send a lot of white nationalist trvth nvkes to network printers back in the day?

i miss the good old days where you would make a loop of black paper to fax someone

Yea, this won't affect most any IoT devices I'd imagine. Shame I was hoping to jailbreak some

literally no one has CUPS installed and if they do they only have it open to loopback address lmao

I have CUPS installed but it's irreparably broken so I just ftp everything to my phone and print using the Canon app :derpprocessing:

https://media.tenor.com/w8VnsGC6qjUAAAAx/peepo-leave.webp

https://media.tenor.com/OUYVUInLzHIAAAAx/hacker-pepe.webp

https://media.tenor.com/n9KS_7ITkAsAAAAx/adventure-time-jake.webp

https://media.tenor.com/gNXPexLanv8AAAAx/finished-im-so-done.webp

:marseycoffee:

I found it installed and activated by default on my 20.04 LTS PC.

https://media.tenor.com/iBy1lw4OZ_wAAAAx/big-lebowski-the-dude.webp

I was actually just configuring it at work but it's behind like 7 proxies

Joke's on you, I can't even connect half the time

It sounds like someone has to try and use your fake printer for RCE, so only impacts r-slurs.

Then:

>apple is so much better than linux

>you guys couldn't even print if it wasn't for apple open sourcing CUPS

Now:

>uhhh

>uhhhhhh

It appears CUPS was invented before that :marseymoreyouknow#:

Michael Sweet, who owned Easy Software Products, started developing CUPS in 1997 and the first public betas appeared in 1999

The bug is supposedly ten years old, which places it well within the apple era of CUPS. I think I can safely declare this one an itoddlers btfo

https://i.rdrama.net/images/17274041762176676.webp

The real problem is the :marseyrave: :marseytrans2: never wrote it.

this is not a memory safety issue, a rust version would have also been vulnerable

That was a given from the start

I'm still using the default closed source drivers. Maybe stop freeloading :marseymerchant:

Hahaha way ahead of this I was smart enough to never even try printing from my current Linux install

Skill issue

I pay my bills online

Anon, I have bad news for you

Am I missing something, but doesn't someone have to attempt to print on your malicious printer for the code execution to happen? Who is printing to a random printer?

Literally no one

I am

:marseyhack#er2:


:!marseybooba:

The exploit adds a printer to the list of printers on your host (god_god_god_god in the video) without any user confirmation.

Yes, but why would I print to a random printer?

Who could resist an HP Laser Jet named every_time_you_print_a_redditor_dies.

Joke's on them. I was too stupid to get CUPS working when I was running Arch.

I'd like to see Johnny Hacker take on my r-slurred butt in a showdown.

:#marsey3d: :#marseylaptop:

:#marseynothingburger: :#marseysleep:

Is there a cve link?

Not yet published.

tl;dr disable the cups-browser daemon if you have it until a patch comes

LGTM
