This Metasploit module exploits vulnerabilities in OpenPrinting CUPS, which runs by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to it. Successful exploitation requires user interaction, but no CUPS services need to be reachable via accessible ports. Code execution occurs in the context of the lp user. Affected versions are cups-browsed versions 2.0.1 and below, libcupsfilters versions 2.1b1 and below, libppd versions 2.1b1 and below, and cups-filters versions 2.0.1 and below.
16431cc7dbb038947f886cccbda9ff1e8abb4ffdc1cbb4066839871766422f13
Ubuntu Security Notice 7015-6 - USN-7015-5 fixed vulnerabilities in python2.7. The update introduced several minor regressions. This update fixes the problem. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
667ae966414c566b7ba032fe92060c7e3cfb42504b259cece2ff73a5eb36f7f3
Ubuntu Security Notice 7120-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
57646a3034886c2e86bcd31eac59da5e06ae61f49b9a18b53b079814bb1416c0
Debian Linux Security Advisory 5812-2 - The postgresql minor release shipped in DSA 5812 introduced an ABI break, which has been reverted so that extensions do not need to be rebuilt.
119fdfa54487759cb1de347360df65467051a83c5fce14cae4cc4a6a0ec9f835
Red Hat Security Advisory 2024-9806-03 - Red Hat build of Apache Camel 4.4.4 for Spring Boot release and security update is now available. Issues addressed include a code execution vulnerability.
e5a1fe2a8a8abdba703cd554ce001244eeb6964bb505e9270a87878516a76a06
Red Hat Security Advisory 2024-9738-03 - An update for squid is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a denial of service vulnerability.
f7656d072370c3688e9739dc85e0c57665ef6fec0943e29f4003051d03d50389
Red Hat Security Advisory 2024-9729-03 - An update for squid is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
034666b474cdc0aae94a16911d0fc7dc56e80cb2640bbd89bd15e923f0f8de1e
Red Hat Security Advisory 2024-9690-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow and privilege escalation vulnerabilities.
e06e4b3943cb9cd32e98e0796f2b8793271bd95d04ead69e6376bb29edfd77b0
Red Hat Security Advisory 2024-9689-03 - An update for binutils is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.
6b09897810addb43dd9a56838b03ec57ada28cede64e21984c80bf9d46fe9c83
Red Hat Security Advisory 2024-9679-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution, out-of-bounds read, and use-after-free vulnerabilities.
a072c4a79a7fba3d9f798f6c536dc83e6ba851f5eaf528700d2eb523fe8015bd
Red Hat Security Advisory 2024-9678-03 - An update for squid is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a denial of service vulnerability.
42ac9bf77ddc647502727f158429f1b9c2f42491324154ec31d91d09aba212fa
Red Hat Security Advisory 2024-9677-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
a00d47d07e848fdfef770ce5abda94a3b6bdcd66c601f1a261d847e6ab67d047
Red Hat Security Advisory 2024-9646-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include code execution, out-of-bounds read, and use-after-free vulnerabilities.
0f0e090ef093f93ec277c321d4386842098463a763dd1801040b941ee6861ca4
Red Hat Security Advisory 2024-9638-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
6b52c888b5ee2144b4e01d61b21143ac8fb065cedc962695942db69bed58a6b3
Red Hat Security Advisory 2024-9636-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution, out-of-bounds read, spoofing, and use-after-free vulnerabilities.
754e12483ccdf3dc71c414d0a8507159a0635b7c4dbb47bf3642a2585829825a
Red Hat Security Advisory 2024-9629-03 - Red Hat OpenShift Service Mesh Containers for 2.5.6. Issues addressed include a cross-site scripting vulnerability.
e92d9eac12b70537e2be0e07aad764575b6679fe89eb399a16a22e3534a1f94a
Red Hat Security Advisory 2024-9625-03 - An update for squid is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
f8717af11cf89f1c1bf4dabddaa7aa88f17238c76fe6579095103412a113c6be
Red Hat Security Advisory 2024-9605-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.
d7fa0f97a93ba55bf28ff3b0e64a4585cd7dd46a2120d66ed46ecb95f1362d0e
Red Hat Security Advisory 2024-9576-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include an HTTP request smuggling vulnerability.
23958c45faf18d097345e690bbd77323923f3d7ef42f4c6aa4c761749813cf87
Red Hat Security Advisory 2024-9570-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an HTTP request smuggling vulnerability.
c008f4c460101efbfd23172fa0bc55e1768e488f3af8e747150dd5134e118c14
Red Hat Security Advisory 2024-9556-03 - An update for NetworkManager-libreswan is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a privilege escalation vulnerability.
8be09f5dc79553f8771c6c2f489d8e831bf69a9a42dd05dc89589ca1f8cd7281
Red Hat Security Advisory 2024-9555-03 - An update for NetworkManager-libreswan is now available for Red Hat Enterprise Linux 9. Issues addressed include a privilege escalation vulnerability.
42c0752979278a072f4af9b1394b9a31eead600ec9b139ea44fccf20a8d5b4f7
Red Hat Security Advisory 2024-9553-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a spoofing vulnerability.
41babb546cba52f5a0f527f42d67cd904799f1e88cc09906fac3351fc5652396
Red Hat Security Advisory 2024-9551-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
78eca598eb3dde39c4a3d8d20ebcdedd3bee08694d5709fe836f479fc849aaca
Red Hat Security Advisory 2024-9548-03 - An update for openexr is now available for Red Hat Enterprise Linux 9. Issues addressed include a heap overflow vulnerability.
8d4114bc6c9c96b9d6117b70fe3b01e16451d2b4b222066cc45fcb3f3a658cd4