- cross-posted to:
- [email protected]
I hope this goes without saying but please do not run this on machines you don’t own.
The good news:
- the exploit seems to require user action
The bad news:
- Device Firewalls are ineffective against this
- if someone created a malicious printer on a local network like a library they could create serious issues
- it is hard to patch without breaking printing
- it is very easy to create printers that look legit
- even if you don’t hit print, the cups user agent can reveal lots of information. This may be blocked at the Firewall
TLDR: you should be careful hitting print
The questionable commit:
```c
{
  // Add the first line of localized text...
  // (fp, lang, ppd_option, ppd_choice and text come from the enclosing function)
  cupsFilePrintf(fp, "*%s.%s %s/", lang->language, ppd_option, ppd_choice);

  // Copy the text up to the first newline, hex-escaping only ':' and '<'
  while (*text && *text != '\n')
  {
    // Escape ":" and "<"...
    if (*text == ':' || *text == '<')
      cupsFilePrintf(fp, "<%02X>", *text);
    else
      cupsFilePutChar(fp, *text);

    text ++;
  }

  cupsFilePuts(fp, ": \"\"\n");
}
```
Can someone explain to me how this allows arbitrary code execution? As far as I can see, all it does is iterate through a string and mark up some special characters.
Take a look at the exploit code
From what I understand, this allows arbitrary command execution. So, an attacker can specify a string of text that something on the affected system will just plop into a command line and execute.
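To see concretely what the loop from the commit quoted above emits, here is an added example (not code from CUPS or from anyone in this thread) that reproduces the same line-building rule into a plain buffer instead of a cups_file_t; the function and parameter names are our own.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not CUPS code: build one localized PPD line the way the
 * quoted loop does, into a caller-supplied buffer. Returns the number of
 * characters written, or -1 if the buffer is too small. */
int ppd_localized_line(const char *lang, const char *option, const char *choice,
                       const char *text, char *out, size_t outlen)
{
    size_t n;
    /* "*<lang>.<option> <choice>/" prefix, as in the commit */
    int w = snprintf(out, outlen, "*%s.%s %s/", lang, option, choice);
    if (w < 0 || (size_t)w >= outlen)
        return -1;
    n = (size_t)w;

    /* Same rule as the commit: stop at the first newline,
     * hex-escape ':' and '<' as <XX>, copy everything else verbatim. */
    for (; *text && *text != '\n'; text++) {
        if (*text == ':' || *text == '<')
            w = snprintf(out + n, outlen - n, "<%02X>", (unsigned char)*text);
        else
            w = snprintf(out + n, outlen - n, "%c", *text);
        if (w < 0 || (size_t)w >= outlen - n)
            return -1;
        n += (size_t)w;
    }

    /* Terminate the line with an empty quoted value, as the commit does */
    w = snprintf(out + n, outlen - n, ": \"\"\n");
    if (w < 0 || (size_t)w >= outlen - n)
        return -1;
    return (int)(n + (size_t)w);
}
```

Feeding it a constructed string such as `A4: <210x297>` shows the two escaped characters become `<3A>` and `<3C>` while everything else, including `>`, passes through unchanged.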