The problem is that because this service binds to 0.0.0.0, which on Linux means all IP addresses and interfaces, it also discovers printers over the internet if the port is not blocked in the system firewall. How big is this problem? Margaritelli scanned the internet for a few weeks for devices listening on UDP 631 and found hundreds of thousands, with peaks of 200-300K concurrent devices.
While there are likely hundreds of millions of Linux devices on the internet, so that number might not seem high, it is certainly large enough for a very powerful botnet if those devices were compromised. Also, as attackers have proven time and time again, getting a foothold inside a network is not that hard, and from there this issue can potentially be exploited for lateral movement.
“Well, it turns out that while you could configure who can and who can’t connect by editing the /etc/cups/cups-browsed.conf configuration file… the default configuration file, on just about any system, is fully commented out and simply allows anyone,” the researcher said.
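The two conditions described above (a UDP 631 listener bound to every interface, and a cups-browsed.conf with nothing uncommented) can be checked on a host with a short audit script. This is an added example, not code from the researcher or the CUPS project; it assumes the listener list comes from `ss -H -uln` and that `BrowseAllow` and `BrowseDeny` are the access directives in question, and the sample inputs are constructed.

```python
WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}
ACCESS_DIRECTIVES = {"browseallow", "browsedeny"}  # assumed access-control directives

# Constructed sample inputs (not captured from a real host).
SAMPLE_CONF_DEFAULT = """\
# BrowseRemoteProtocols dnssd cups
# BrowseAllow 192.168.1.0/24
# BrowseDeny All
"""
SAMPLE_SS = """\
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 [::]:5353 [::]:*
"""

def active_directives(conf_text):
    """Return (name, value) pairs for lines that are not blank or commented out."""
    pairs = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            pairs.append((parts[0], parts[1].strip() if len(parts) > 1 else ""))
    return pairs

def wildcard_udp_631(ss_text):
    """Return local sockets from `ss -H -uln` output bound to all interfaces on port 631."""
    hits = []
    for line in ss_text.splitlines():
        fields = line.split()
        local = fields[3] if len(fields) > 3 else ""  # 4th column: Local Address:Port
        addr, _, port = local.rpartition(":")
        if port == "631" and addr in WILDCARDS:
            hits.append(local)
    return hits

def audit(conf_text, ss_text):
    """Return a list of findings; an empty list means neither condition holds."""
    findings = []
    exposed = wildcard_udp_631(ss_text)
    if exposed:
        findings.append("UDP 631 bound to all interfaces: " + ", ".join(exposed))
    names = {name.lower() for name, _ in active_directives(conf_text)}
    if not names & ACCESS_DIRECTIVES:
        findings.append("no active BrowseAllow/BrowseDeny: anyone may connect")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF_DEFAULT, SAMPLE_SS):
        print(finding)
```

On a real host, pass the contents of /etc/cups/cups-browsed.conf and the output of `ss -H -uln` to `audit()` in place of the samples.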