The RCE is not good, but it was blown way out of proportion and is mostly nothing.
I think that the entry points matter, and the context matters when you evaluate something like this.
While this is an actual bug in the software, it's not like it will affect literally all unix systems and you can just use this to get into anywhere if you have the know-how. You specifically need cups to be installed and exposed to the internet. Enterprise servers have minimal installations which don't include cups, and home users have router firewalls that don't have those ports opened by default.
Are there tons of idiots who do the opposite with random software? Sure, someone found remote controlling software unauthed earlier in the thread, but how many cups servers will you really find on Shodan?
Entry Points
- WAN / public internet: a remote attacker sends a UDP packet to port 631. No authentication whatsoever.
- LAN: a local attacker can spoof zeroconf / mDNS / DNS-SD advertisements (we will talk more about this in the next writeup) and achieve the same code path leading to RCE.
If you have port 631 open, why the fuck? If you put cups on the public internet without authentication, then that's your problem! Don't put anything on the public internet without auth unless it's supposed to be public.
If someone has LAN access, then there's far more to worry about than cups. All the locks in the world on your cupboards won't protect your shit if someone is already in your house.
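The post's whole argument rests on whether UDP 631 (cups-browsed's discovery listener) is reachable from outside the host. The following is an added example, not code from the post or from the CUPS project: it parses the listening-socket table in the format `ss -lun` prints on Linux, reports any port 631 listener bound to a wildcard address, and emits the iptables rules that would restrict the port to a trusted LAN range. The socket table embedded below is a constructed sample, and the LAN CIDR passed to `firewall_rules` is a placeholder the reader replaces with their own.

```python
"""
Is cups-browsed's UDP 631 listener exposed beyond localhost on this host?

Parses `ss -lun` style output (Linux iproute2).  The sample table below is
constructed for the example and is not output from any real machine.
"""
import subprocess

CUPS_BROWSED_PORT = 631

# Addresses that mean "every interface", i.e. reachable from the LAN and,
# absent a firewall, from the internet.
WILDCARD_ADDRS = {"0.0.0.0", "*", "[::]", "::"}

# Constructed sample of `ss -lun` output: header line followed by entries.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port
UNCONN  0       0            127.0.0.1:323          0.0.0.0:*
UNCONN  0       0              0.0.0.0:631          0.0.0.0:*
UNCONN  0       0                 [::]:631             [::]:*
UNCONN  0       0        192.168.1.20:68           0.0.0.0:*
"""


def parse_ss_listeners(text):
    """Return (local_address, port) pairs from `ss -lun` output, skipping the header."""
    listeners = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4:
            continue
        # Column 4 is "Local Address:Port"; split on the last ':' so IPv6
        # literals such as "[::]:631" keep their brackets.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        listeners.append((addr, int(port)))
    return listeners


def classify_cups_exposure(listeners):
    """Describe the reachability scope of every UDP 631 listener found."""
    findings = []
    for addr, port in listeners:
        if port != CUPS_BROWSED_PORT:
            continue
        if addr in WILDCARD_ADDRS:
            scope = "all-interfaces"      # the exposure the post is about
        elif addr.startswith("127.") or addr == "[::1]":
            scope = "loopback"            # local processes only
        else:
            scope = "specific-interface"  # one address, e.g. a LAN NIC
        findings.append({"address": addr, "port": port, "scope": scope})
    return findings


def firewall_rules(trusted_lan_cidr):
    """iptables rules that keep UDP 631 reachable only from a trusted LAN range.

    trusted_lan_cidr is a placeholder the operator supplies; printer discovery
    on the LAN keeps working while anything else hitting the port is dropped.
    """
    return [
        f"iptables -A INPUT -p udp --dport {CUPS_BROWSED_PORT} -s {trusted_lan_cidr} -j ACCEPT",
        f"iptables -A INPUT -p udp --dport {CUPS_BROWSED_PORT} -j DROP",
    ]


def check_host(ss_output=None):
    """Run the check over real `ss -lun` output, or over the sample when none is given."""
    if ss_output is None:
        try:
            ss_output = subprocess.run(["ss", "-lun"], capture_output=True,
                                       text=True, check=True).stdout
        except (OSError, subprocess.CalledProcessError):
            ss_output = SAMPLE_SS_OUTPUT  # not on Linux / ss missing: fall back to the sample
    return classify_cups_exposure(parse_ss_listeners(ss_output))


if __name__ == "__main__":
    for finding in check_host():
        print(f"UDP {finding['port']} bound to {finding['address']}: {finding['scope']}")
    if any(f["scope"] == "all-interfaces" for f in check_host()):
        print("Restrict it, e.g. (placeholder LAN range):")
        for rule in firewall_rules("192.168.1.0/24"):
            print("  " + rule)
```

A `loopback` result means the host matches the post's "not exposed" case; `all-interfaces` means the port is open to whatever the surrounding firewall lets through, which on a home network is usually the LAN only and on a directly connected server is the public internet.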