GitHub - RickdeJager/cupshax
github.com
Contribute to RickdeJager/cupshax development by creating an account on GitHub.

I hope this goes without saying but please do not run this on machines you don’t own.

The good news:

  • the exploit seems to require user action

The bad news:

  • Device Firewalls are ineffective against this

  • if someone created a malicious printer on a local network like a library they could create serious issues

  • it is hard to patch without breaking printing

  • it is very easy to create printers that look legit

  • even if you don’t hit print the cups user agent can reveal lots of information. This may be blocked at the Firewall

TLDR: you should be careful hitting print

    • @[email protected]
      57 months ago

      I mean both Red Hat and Ubuntu did ship updates to change the config of cups-browsed, so I don’t think that’s correct.

    • @[email protected]English
      47 months ago

      Not true, Arch and Ubuntu (the ones I personally checked on) already pushed patches that disabled cups browsed by default, removing the service listening on 631.