On 2024-09-27 16:57, Pit Suetterlin via openSUSE Users wrote:
David C. Rankin wrote:
All,
There is a remote code execution bug in CUPS with no patch as of yet:
https://www.theregister.com/2024/09/26/cups_linux_rce_disclosed/
The article contains mitigation steps if you have a public facing (or untrusted local) CUPS server.
Hmm. I had a look at my laptop, as I use(d) cups-browsed to easily print in various locations.
Had a look at cups-browsed.conf, and that has the BrowseAllow/Deny/Order options. So I set Order to 'Allow,Deny' and set Allow to the IP of our printhost. However, if I then start cups-browsed, and check open ports, it still says cups-brow 120068 root 7u IPv4 156935 0t0 UDP *:ipp
So it's not really clear to me if that method is sufficient. The article doesn't help there...
Any opinions?
Isn't that lsof? lsof only shows (lsof -i :ipp) if port ipp (631) is open not what to do with it, right? I'd nmap my computer from another one: nmap -sU -T5 -p 631 <your_ip> -- /bengan