Post AmPhRnpT5xBth3VCmO by OldManToast@cosocial.ca
(DIR) Post #AmPgtx2KM7HuP6NKuO by BrodieOnLinux@mstdn.social
2024-09-27T01:32:07Z
1 likes, 1 repeats
The biggest Linux CVE of the century was published nearly 2 weeks early and would you look at that, it's not the biggest Linux CVE of the century
(DIR) Post #AmPh9YJ64EHCL8esng by jenbanim@mastodo.neoliber.al
2024-09-27T01:34:51Z
0 likes, 0 repeats
@BrodieOnLinux mrw 9.9 CVE but it relies on running CUPS with an exposed UDP port 631
(DIR) Post #AmPhRnpT5xBth3VCmO by OldManToast@cosocial.ca
2024-09-27T01:38:12Z
0 likes, 0 repeats
@BrodieOnLinux so no global infrastructure collapse? I thought that this was a "Linux figureheads will pay the price for their arrogance" type of thing?
(DIR) Post #AmPhciZaydkuZsHaWu by BrodieOnLinux@mstdn.social
2024-09-27T01:40:12Z
0 likes, 0 repeats
@jenbanim It's a really bad CVE for CUPS but this dude was hyping it up like it was the 2nd coming of xz utils, this is a problem for desktop Linux systems that use CUPS
(DIR) Post #AmPhpjmxlixC71k9uC by jenbanim@mastodo.neoliber.al
2024-09-27T01:42:32Z
0 likes, 0 repeats
@BrodieOnLinux Yeah it's a serious CVE, but the way he was talking I was expecting another heartbleed. My anxiety was through the roof right before the disclosure
(DIR) Post #AmPiiu5fAY13zOnNrs by freelikegnu@fosstodon.org
2024-09-27T01:52:30Z
0 likes, 0 repeats
@BrodieOnLinux even though the ends do not justify the means (calling the severity a 9.9) we are all a little safer because someone found this exploit and reported it. Margaritelli owned up to the misclassification as well according to El Reg: 'Margaritelli said he thinks 9.9 is too high, too. "Impact-wise I wouldn’t classify it as a 9.9, but then again, what the hell do I know?" he wrote.' https://www.theregister.com/2024/09/26/cups_linux_rce_disclosed/
(DIR) Post #AmPldUrdpcrUANLn2u by cerberus1746@mastodon.gamedev.place
2024-09-27T02:25:07Z
0 likes, 0 repeats
@BrodieOnLinux @jenbanim I would love to learn marketing from him.
(DIR) Post #AmPlsZupKhyEB122K0 by paco@infosec.exchange
2024-09-27T02:27:51Z
0 likes, 0 repeats
@BrodieOnLinux I believe the erudite sophisticated expression for this is a “damp squib”
(DIR) Post #AmPnZ6IHRR28iFqGWm by TheFrenchGhosty@libretooth.gr
2024-09-27T02:46:45Z
0 likes, 0 repeats
@BrodieOnLinux @jenbanim I mean, most linux desktop run cups so...
(DIR) Post #AmPsIaRIbjzb3U0Op6 by TheFrenchGhosty@libretooth.gr
2024-09-27T02:46:10Z
0 likes, 0 repeats
@jenbanim @BrodieOnLinux That's it? There was supposed to be 3-6 CVE rated 9.9 in the end it's just one and just cups?
(DIR) Post #AmPsIbEvdDgvXPE2BE by BrodieOnLinux@mstdn.social
2024-09-27T03:39:48Z
0 likes, 0 repeats
@TheFrenchGhosty @jenbanim In the author's blog post there are 4 listed
(DIR) Post #AmQBMIuHdKYIxz34s4 by mort@fosstodon.org
2024-09-27T07:13:22Z
0 likes, 0 repeats
@BrodieOnLinux @jenbanim To be clear, the security researcher did not have anything to do with the score of 9.9. He hyped it up to be a bad vulnerability sure (which it was), but it's the 9.9 score that really got people concerned. He's getting unfairly dogpiled IMO, and it's unfortunate to see you joining in on that.
(DIR) Post #AmQi5p28EOoYAaT5ge by eliteamdgamer@mastodon.social
2024-09-27T13:20:10Z
0 likes, 0 repeats
@BrodieOnLinux I only understand this was due to a lack of people reading and just reading the title. What does this one truly matter? “dependent on location in the workplace” Like if you don’t have cups installed at all
(DIR) Post #AmRNmkCQAyhfkYrmaG by cerberus1746@mastodon.gamedev.place
2024-09-27T21:07:19Z
0 likes, 0 repeats
@BrodieOnLinux Alrighty, I looked up a bit more. He was not the one person that leaked the CVE and he was told that it was a CVE 9.9 and he is not a security researcher. So he was just overly excited and the CVE 9.9 was not directly his fault. I think we can give the guy an actual break.