tags: linuxCUPS original link: Attacking UNIX Systems via CUPS, Part I newsletter link: exploits.club Weekly Newsletter 41 - Exploit Dev Lifecycle, Binder Internals, UEFI Deep-Dive, and More
Exploits Club Summary:
Youâre tired of hearing about it, weâre tired of hearing about it. But itâs our job to bring you the VR news and if we didnât include itâŠwell that would just be silly. So, ignoring the surrounding drama, whatâs this CUPs stuff about? Well last week @evilsocket released a blog post detailing vulnerabilities he found is cups-browsed, a subsystem within the CUPs. After identifying an overflow that he decided not to further pursue for exploitation, he turned his attention to âlower hanging fruitâ. Essentially, he figured out a way to get the target to connect back to him, allowing the injection of a controlled PPD directives to the default file. This in turn would be exploited when a print job is sent to the fake printer.