A "disaster-level" vulnerability has been exposed in the Linux world: it has existed for more than 10 years and affects almost all distributions

Publisher: DreamBig123 | Latest update time: 2024-09-27 | Source: IT之家 | Keywords: Linux

On September 27, news spread in the Linux community of a serious remote code execution (RCE) vulnerability that has existed for more than 10 years and affects almost all GNU/Linux distributions. At the time of writing there is no patch, but the flaw can be mitigated.

Security researcher and software developer Simone Margaritelli first announced these RCE vulnerabilities in a post on X on September 23. The relevant development teams have been notified, and full details are expected to be disclosed within the next two weeks.

Vulnerability Impact

Margaritelli said that no CVE identifiers have been assigned yet, but that he expects at least three, and possibly six.

Canonical (the company behind Ubuntu), Red Hat, and other distribution maintainers have confirmed the severity of these RCE vulnerabilities, with an estimated CVSS score of 9.9 out of 10 (higher means more severe), indicating that successful exploitation could cause catastrophic damage. A CVSS score is an estimate of worst-case severity; the practical exposure of a given host depends on whether the vulnerable service is running and reachable, as described below.

Vulnerability Details

The vulnerabilities lie mainly in CUPS, the Common Unix Printing System, and in its companion daemon cups-browsed, which discovers printers announced on the network. A system that runs CUPS with cups-browsed enabled and reachable is at risk: an attacker can get a malicious printer registered with it, and code of the attacker's choosing then runs on the host when a print job is sent to that printer, giving the attacker remote control of the device.

However, the CUPS developers were divided over how to handle the report, with some members disputing its real-world security impact, which Margaritelli found frustrating.

The researcher notes that despite his providing multiple proofs of concept (PoCs) that systematically disproved the developers' assumptions, progress remains slow.

Mitigation

IT之家 quotes Margaritelli as saying that there is currently no patch, and that users can apply the following mitigations:

  • Disable, or better remove, the cups-browsed service.

  • Update your CUPS installation to pull in security updates as they become available.

  • Block inbound access to UDP port 631 and consider turning off DNS-SD.

  • Note that blocking the port alone is not a complete fix: even if port 631 is not directly reachable, an attacker on the local network may still be able to trigger the flaw by spoofing zeroconf, mDNS, or DNS-SD advertisements.
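The following script is an added example of how to check a host for the exposure above and apply the listed mitigations; it is not from the article, from Margaritelli, or from the CUPS project. It assumes a systemd host with iproute2's `ss`, the daemon installed as `cups-browsed.service`, its configuration at `/etc/cups/cups-browsed.conf`, and nftables for the firewall rule (all of which are assumptions about the target distribution). Beyond the article's list it also sets `BrowseRemoteProtocols none` in `cups-browsed.conf`, the directive documented in cups-browsed.conf(5) that stops the daemon from accepting remote printer announcements, so that the exposure does not return if the unit is ever unmasked. The two checks take text as input so they can be run over captured `ss` output or a copied config file as well as the live system.

```shell
#!/bin/sh
# Added example: audit and mitigation helper for the cups-browsed exposure.
# Not from the article or the CUPS project. Assumed environment (not taken
# from the article): systemd, iproute2 `ss`, cups-browsed.service,
# /etc/cups/cups-browsed.conf, and nftables.
set -eu

CONF=/etc/cups/cups-browsed.conf

# Decide from `ss -H -lun` output (passed as $1) whether a UDP socket is bound
# to port 631, the port cups-browsed listens on for printer announcements.
# Field 4 is Local Address:Port; "0.0.0.0:631", "[::]:631" and "*:631" match,
# while unrelated ports such as ":6311" or ":1631" do not.
udp631_listening() {
  printf '%s\n' "$1" | awk '
    $1 == "UNCONN" && $4 ~ /:631$/ { found = 1 }
    END { exit (found ? 0 : 1) }'
}

# Decide from a cups-browsed.conf body (passed as $1) whether the daemon will
# still accept remote printer announcements. It does unless the last
# BrowseRemoteProtocols directive is "none" (the default is "dnssd cups").
# Comment lines are skipped; directive names and values are case-insensitive.
browse_remote_enabled() {
  printf '%s\n' "$1" | awk '
    /^[[:space:]]*#/ { next }
    tolower($1) == "browseremoteprotocols" { val = tolower($2) }
    END { exit (val == "none" ? 1 : 0) }'
}

# Inspect the live system. Exit status 1 means at least one exposure was found.
audit_live() {
  rc=0
  if command -v ss >/dev/null 2>&1 && udp631_listening "$(ss -H -lun 2>/dev/null)"; then
    echo "EXPOSED: a UDP socket is bound to port 631"
    rc=1
  fi
  if systemctl is-active --quiet cups-browsed.service 2>/dev/null; then
    echo "EXPOSED: cups-browsed.service is active"
    rc=1
  fi
  if [ -r "$CONF" ] && browse_remote_enabled "$(cat "$CONF")"; then
    echo "WARN: $CONF still allows remote browsing (BrowseRemoteProtocols is not none)"
    rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: no cups-browsed exposure found"
  return "$rc"
}

# Apply the mitigations: stop and mask the service so a package upgrade cannot
# restart it, turn off remote browsing in the config in case it is ever
# unmasked, and drop inbound UDP/631. The nftables rule is not persisted
# across reboots; copy it into your ruleset file as well.
mitigate() {
  if [ "$(id -u)" -ne 0 ]; then
    echo "mitigate: must run as root" >&2
    return 1
  fi
  systemctl disable --now cups-browsed.service 2>/dev/null || true
  systemctl mask cups-browsed.service 2>/dev/null || true
  if [ -f "$CONF" ] && browse_remote_enabled "$(cat "$CONF")"; then
    printf '\n# added by mitigation script\nBrowseRemoteProtocols none\n' >> "$CONF"
  fi
  if command -v nft >/dev/null 2>&1; then
    nft add table inet cups_mitigation 2>/dev/null || true
    nft add chain inet cups_mitigation input '{ type filter hook input priority 0; }' 2>/dev/null || true
    nft add rule inet cups_mitigation input udp dport 631 drop
  else
    echo "mitigate: nft not found; block inbound UDP/631 with your firewall of choice" >&2
  fi
}

case "${1:-}" in
  --audit)    audit_live ;;
  --mitigate) mitigate ;;
  *)          echo "usage: $0 --audit | --mitigate (as root)" >&2 ;;
esac
```

Run `sh cups-browsed-check.sh --audit` on any host to get a non-zero exit when cups-browsed is listening, active, or configured to accept remote announcements, and `--mitigate` as root to apply the changes. Masking rather than merely disabling the unit matters because a later CUPS package update can otherwise re-enable the service; the firewall rule on its own does not protect against the mDNS/DNS-SD spoofing caveat in the list above, which is why the service itself is stopped.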


Copyright © 2005-2024 EEWORLD.com.cn, Inc. All rights reserved 京ICP证060456号 京ICP备10001474号-1 电信业务审批[2006]字第258号函 京公网安备 11010802033920号