The issue is that since this service binds to 0.0.0.0, which on Linux signifies all IP addresses and interfaces, it additionally discovers printers over the web if the port just isn’t blocked within the system firewall. How massive is that this drawback? Margaritelli scanned the web for a few weeks for units that listened on UDP 631 and located lots of of hundreds with peaks of 200-300K concurrent units.
Whereas there are seemingly lots of of thousands and thousands of Linux units on the web, that quantity may not appear excessive, however it’s actually large enough for a really highly effective botnet in the event that they had been to be compromised. Additionally, as attackers have confirmed time and time in the past, getting a foothold inside a community just isn’t that arduous, and from there this difficulty can doubtlessly be exploited for lateral motion.
“Effectively it seems that when you might configure who can and who can’t join by enhancing the /and so forth/cups/cups-browsed.conf configuration file… the default configuration file, on just about any system, is totally commented out and easily permits anybody,” the researcher stated.