Remote exploit of CUPS


Security researcher Simone Margaritelli 
<a href="https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/" rel="nofollow">
has reported</a> a new vulnerability in 
<a href="https://openprinting.github.io/cups/" rel="nofollow">
CUPS</a>, the software that many Linux systems use to manage printers and print jobs. Margaritelli describes the impact of the attack by saying:



A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer).



The vulnerability relies on a few related problems in CUPS libraries and utilities; versions before 2.0.1 or 2.1b1 (depending on the component) may be affected.


https://lwn.net/Articles/991929/