If there's anything you guys want me to make a video on put it down below 👇
"like wtf do i need cups for" lol. great video man, love to see other creators out here! 🤙🏽
Port 631, if we disable all incoming via UFW, shouldn't it be a quick fix?
For public Internet (not local) and this specific exploit it should be fine but there are more undisclosed vulnerabilities within CUPS so if you don't need it you should uninstall it and any dependencies or related packages
@malarkaveli yeah. But unfortunately, I need to use a printer... oops.
That's fine then, yeah disable all incoming or disable cups-browsed if you don't need it constantly searching
I guess it's good that cups is not installed by default on arch and even when you install it cupsbrowsed is a separate packet
True that, the comfy install of debian, mint, and etc is quick and simple but you're installing packages you may not need, which in turn gives yourself a bigger attack surface. Then you try to uninstall it and it breaks your whole system lol
The POC in that article is using no host-based firewall on a local network...
Uninstalling stuff you don't need is solid advice tho
Properly securing CUPS, limiting access, and keeping it updated are more effective strategies than depending on host-based firewalls alone practically. Also there are more undisclosed exploits with CUPS so firewall may not be the end-all-be-all solution.
@malarkaveli Nah you have a router / gateway with a built in firewall. You would need to manually allow UDP from any source to port 631 on the router's firewall to be vulnerable. Even 15 year old home routers would drop those packets by default
@myphoneglows 1. Laptop connected to public WiFi. 2. Compromised IoT device on home network. 3. Compromised laptop or other device on corporate network. 4. Untrustworthy employee on corporate network.
@dansanger5340 I mean fair enough but 1) if you're using public wifi with no host-based firewall good luck anyway 2) You're asking for it if you have IoT devs on a trusted network + they would need to be compromised by another exploit and then this one 3&4) enterprise networks should have IDS, IPS, and proxies that would catch this...
What damage can an attacker do with this vulnerability?
It allows for RCE (Remote Code Execution) so they would be able to run any command or code on your computer like info stealers or even ransomware
thank you i disabled it
I have a Kali Linux VM, am I safe or can the virus be spread?
@zent7876 it's not a virus, it's an exploit so if you disable or uninstall CUPS (if you have it installed on your VM) you should be fine. Use "sudo apt list --installed | grep cups" to check. I doubt you're using a printer on your Kali VM so you don't need the package.
@zent7876 an exploit can lead to you getting a virus/malware on your machine but they are not the same thing
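
Added example, not part of the original thread: a small shell check for the exposure discussed above, listing any UDP listener on port 631 that is bound to a non-loopback address. The function name `exposed_631` and the sample `ss` lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Reads `ss -H -lun` style lines on stdin and prints every local address
# bound to UDP port 631 that is reachable from outside the host
# (anything other than 127.0.0.0/8 or ::1).
exposed_631() {
  awk '
    {
      local_addr = ""
      # The first field ending in ":<port>" is the local address. Scanning
      # for it works whether or not ss printed a leading Netid column.
      for (i = 1; i <= NF; i++) {
        if ($i ~ /:[0-9]+$/) { local_addr = $i; break }
      }
      if (local_addr == "") next
      port = local_addr; sub(/.*:/, "", port)
      if (port != "631") next
      addr = local_addr; sub(/:[0-9]+$/, "", addr)
      sub(/%.*$/, "", addr)            # drop an interface scope such as %lo
      if (addr ~ /^127\./ || addr == "[::1]") next
      print addr
    }'
}

# Constructed sample of `ss -H -lun` output (not captured from a real host).
SAMPLE='UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.1:631 0.0.0.0:*
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
udp UNCONN 0 0 [::]:631 [::]:*
UNCONN 0 0 [::1]:631 [::]:*'

# Demo on the sample; on a real host run:  ss -H -lun | exposed_631
printf '%s\n' "$SAMPLE" | exposed_631
```

Empty output means nothing on the host is listening for UDP 631 from the network; any address printed is a reason to disable cups-browsed or block the port, as the replies above suggest.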