Comment This is public (Score 1) 153
https://www.evilsocket.net/202...
The issue(s)
- Does NOT affect all GNU/Linux systems.
- Is not CVSS 9.9. I put it at a 6.3
It also requires:
1) The victim system has no active firewall to block incoming connections.
2) A user on the victim system must print something to a printer that mysteriously appears on the system that has never been there before.
If these two things happen, then command execution can happen as the "lp" user.