Skip to main content
Topic: decade old RCE flaw in linux? (Read 894 times) previous topic - next topic
0 Members and 3 Guests are viewing this topic.

Re: decade old RCE flaw in linux?

Reply #1
RTFM:

https://en.wikipedia.org/wiki/Snake_oil
"Wer alles kann, macht nichts richtig"

Artix USE="runit openrc slim openbox lxde gtk2 qt4 qt5 qt6 conky
-gtk3 -gtk4 -adwaita{cursors,themes,icons} -gnome3 -kde -plasma -wayland "

Re: decade old RCE flaw in linux?

Reply #2
I assume the RCE flaw that is spoken about is the one talked about by (somewhat well-known) Italian security aficionado evilsocket (see https://threadreaderapp.com/thread/1838169889330135132.html).

There is a timeline for release of details, it seems that there will be an initial release on OpenWall around September 30th, 2024.

I wouldn't assume so quickly that it's snake oil, but as all things it should be taken with a grain of salt.

It seems that EvilSocket is in contact with Canonical and RedHat, so all the correct procedures for reporting a security vulnerability are being followed, apparently.

I would say, let's see what comes out of it.

Re: decade old RCE flaw in linux?

Reply #3
I came across this recently, although it's not a new discovery:
https://thehackernews.com/2019/08/dslr-camera-hacking.html
https://www.techradar.com/pro/security/this-devious-wi-fi-security-flaw-could-let-hackers-eavesdrop-on-your-network-with-ease

A lot of cameras and camcorders have included built in wifi for many years, on many devices it's permanently enabled with no "off" switch or setting. They don't get updates to fix security holes either, unless the manufacturer releases a new firmware version and the user installs it, both of which are unlikely. The camera can be remotely accessed for spying, existing pictures and videos can be viewed or it might be possible to use this as a route to install malware on your computer when you connect to the camera. The access can also be used to destroy the camera or for data deletion. Other internet enabled devices on your network might also create weaknesses, something to consider besides your computer itself.

Re: decade old RCE flaw in linux?

Reply #6
Quote from: corysanin – on
Do you get off on posting RTFM? There's skepticism and then there's this.

The rapidly advancing stultification can be recognised not least by the fact that more and more people perceive reading and understanding as two completely different, completely independent processes.

Or which part of "Read The Friendly Manual" is too complicated for you?
"Wer alles kann, macht nichts richtig"

Artix USE="runit openrc slim openbox lxde gtk2 qt4 qt5 qt6 conky
-gtk3 -gtk4 -adwaita{cursors,themes,icons} -gnome3 -kde -plasma -wayland "

Re: decade old RCE flaw in linux?

Reply #7
Quote from: lq – on
Or which part of "Read The Friendly Manual" is too complicated for you?
RTFM = "Read the fucking manual" not "Read the friendly manual."

For some reason you are hiding behind a bowdlerisation?

If I write STFU everybody will read that as "Shut the fuck up" not "Save the friendly Unicorn" no matter what I claim as my intended meaning.
Let's at least call a spade a spade

Re: decade old RCE flaw in linux?

Reply #8
Hackthebox has a machine just released today to learn how to exploit this CUPS vuln

Quote
About EvilCUPS
EvilCUPS is a Medium difficulty Linux machine that features a CUPS Command Injection Vulnerability [CVE-2024-47176](https://nvd.nist.gov/vuln/detail/CVE-2024-47176). This CVE allows remote unauthenticated users the ability to install a malicious printer on the vulnerable machine over `UDP/631`. This printer is configured to utilize [Foomatic-RIP](https://linux.die.net/man/1/foomatic-rip) which is used to process documents and where the command injection happens. In order to trigger the command execution, a document needs to be printed. The CUPS Webserver is configured to allow anonymous users access to `TCP/631`. Navigating here makes it possible to print a test page on the malicious printer and gain access as the "lp" user. This user the ability to retrieve past print jobs, one of which contains the root password to the box.

Re: decade old RCE flaw in linux?

Reply #9
Quote from: jahway603 – on
Hackthebox has a machine just released today to learn how to exploit this CUPS vuln

Quote
About EvilCUPS
EvilCUPS is a Medium difficulty Linux machine that features a CUPS Command Injection Vulnerability [CVE-2024-47176](https://nvd.nist.gov/vuln/detail/CVE-2024-47176). This CVE allows remote unauthenticated users the ability to install a malicious printer on the vulnerable machine over `UDP/631`. This printer is configured to utilize [Foomatic-RIP](https://linux.die.net/man/1/foomatic-rip) which is used to process documents and where the command injection happens. In order to trigger the command execution, a document needs to be printed. The CUPS Webserver is configured to allow anonymous users access to `TCP/631`. Navigating here makes it possible to print a test page on the malicious printer and gain access as the "lp" user. This user the ability to retrieve past print jobs, one of which contains the root password to the box.

So, what about RTFM is relevant to this discussion?
 

Re: decade old RCE flaw in linux?

Reply #11
Quote from: replabrobin – on
Just when we were ready to relax

https://arstechnica.com/security/2024/10/persistent-stealthy-linux-malware-has-infected-thousands-since-2021/
it uses systemd to stay persistent, so i guess it can fuck off outta our lawn xd

edit: smh, more red flags such as executable /tmp that shouldve been mounted as noexec (anything legit that tries to exec in /tmp should be accounted for from user's manual intervention)