
CUPS Flaws Allow Remote DoS & Auth Bypass: CVE-2025-58364 & CVE-2025-58060 (Linux Printing Under Threat)

 


Introduction

The Common UNIX Printing System (CUPS) is ubiquitous in Linux and UNIX-like environments. It handles the printing stack: discovering printers, managing print jobs, serving IPP (Internet Printing Protocol) requests, etc. Because it's often installed by default, lightly protected, and exposed on local networks (sometimes even to the internet), flaws in CUPS are especially dangerous.

Recently, two vulnerabilities were disclosed:

  • CVE-2025-58364: Remote Denial of Service (DoS) via Null Dereference in libcups, IPv4 printer discovery / attributes parsing.

  • CVE-2025-58060: Authentication Bypass in Authorization Handling when AuthType settings are non-Basic, allowing attackers to send an Authorization: Basic header and bypass password checks.

These affect many Linux distributions (RHEL, Oracle Linux, etc.), multiple versions of CUPS and cups-browsed. Administrators must act fast.


 Technical Details

CVE-2025-58364: Remote DoS via Null Pointer Dereference

  • Affected component: the libcups library within CUPS, particularly the functions ipp_read_io() and ippValidateAttributes(). Unsafe deserialization of printer attributes and validation logic… leads to a null pointer dereference.

  • Attack vector: An attacker on the same local subnet crafts a printer response (using printer attributes) that causes the null pointer dereference on client machines listening for printers. On misconfigured hosts (exposed IPP ports, no firewall), this is possibly reachable from remote networks.

  • Impact: Crash of the cups / cups-browsed process → printing services down on affected machines; denial of service for print operations. Disruption for desktops and servers that rely on CUPS.

  • Severity: CVSS v3.x ≈ 6.5 (Medium).

  • Patch Versions: Fixed in CUPS version 2.4.13 (and later). Systems at <= 2.4.12 are vulnerable.


CVE-2025-58060: Authentication Bypass via Misconfigured AuthType

  • Affected component: CUPS authorization function (cupsdAuthorize() or equivalent) when AuthType ≠ Basic is configured. If a request includes an Authorization: Basic ... header, the password check can be skipped.

  • Attack vector: Local network (or remote if IPP is exposed); the attacker crafts a request with a Basic auth header under a non-Basic AuthType setting. The bug is a logic flaw in authorization handling. In practice, no credentials are needed under certain configurations.

  • Impact: Unauthorized access to administrative functions of CUPS: printer queue creation, management, possibly queue deletion or job manipulation. Could escalate to configuration changes, and is a potential path to higher privilege if misused.

  • Severity: CVSS v3.x ≈ 8.0 (High).

  • Patch Versions: Fixed in versions >= 2.4.13. Systems with CUPS ≤ 2.4.12 are vulnerable.


 Affected Environments & Exposure

  • Linux desktops and servers with CUPS installed, especially those listening for printers on the local network. Default configs often allow cups-browsed or printer discovery.

  • Red Hat Enterprise Linux 9 and 10, Oracle Linux, other distros with older CUPS packages. (Red Hat advisory: RHSA-2025:15700 / RHSA-2025:15701.)

  • Systems where the IPP port is exposed (by firewall or misconfiguration), or where printer discovery replies come from adversarial sources on the LAN. Internet-exposed printers are the worst case.


 Mitigation & Remediation Steps (CyberDudeBivash Guidance)

  1. Upgrade CUPS & cups-browsed to version 2.4.13 or later; this ensures both CVEs are patched.

  2. Restrict printer discovery / browsing on local network — only trusted subnets; firewall rules to limit IPP traffic.

  3. Review AuthType settings in CUPS configuration:

    • Avoid non-Basic AuthType when possible; fix logic if AuthType is not Basic but Basic auth headers are accepted.

    • Ensure cupsd.conf or equivalent denies unexpected Authorization headers under non-Basic modes.

  4. Harden configuration files: ensure proper access control, disable remote configuration of printers from untrusted hosts.

  5. Monitor logs for unexpected print job or admin endpoint access; monitor for crashes of cups or cups-browsed processes (which may indicate DoS attempts).

  6. Apply vendor advisories: for Red Hat, Oracle, etc., use their errata RHSA/ELSA updates.

  7. Test / audit your systems (scan with Nessus / Qualys etc.) to detect versions before patch.
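
An added example (not from the original post or the CUPS project) that automates the checks in steps 1 to 3: it parses a cupsd.conf body and reports releases before 2.4.13, scopes whose effective AuthType is not Basic, and listeners that are not loopback-only. The function names, finding codes and SAMPLE_CONF are assumptions made for illustration.

```python
import re

FIXED = (2, 4, 13)  # first fixed upstream release, per the article
LOCAL_HOSTS = {"localhost", "127.0.0.1", "[::1]"}
# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
DefaultAuthType Negotiate
Listen localhost:631
Listen 192.0.2.10:631
<Location /admin>
  AuthType Default
</Location>
"""

def parse_version(text):
    """Turn '2.4.12' or '2.4.12-3.el9' into (2, 4, 12)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised CUPS version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def audit(conf_text, version):
    """Return (code, detail) findings for a cupsd.conf body and a version string."""
    findings, stack, auth_types = [], [], []
    default_auth = "basic"  # cupsd's default when DefaultAuthType is absent
    for line in (raw.strip() for raw in conf_text.splitlines()):
        key, value = (line.split(None, 1) + ["", ""])[:2]  # blank/comment lines match nothing
        key, scope = key.lower(), " > ".join(stack) or "global"
        if line.startswith("</"):
            del stack[-1:]  # leave the innermost block
        elif line.startswith("<"):
            stack.append(line.strip("<>"))  # enter <Location>/<Policy>/<Limit>
        elif key == "defaultauthtype":
            default_auth = value.lower()
        elif key == "authtype":
            auth_types.append((scope, value.lower()))
        elif key == "port":
            findings.append(("EXPOSED", f"Port {value} binds every interface"))
        elif key == "listen" and not value.startswith("/"):  # skip UNIX sockets
            host = value if value.endswith("]") else value.rsplit(":", 1)[0]
            if host.lower() not in LOCAL_HOSTS:
                findings.append(("EXPOSED", f"Listen {value} is reachable off-host"))
    for scope, value in auth_types:  # resolve 'Default' once the whole file is read
        effective = default_auth if value == "default" else value
        if effective not in ("basic", "none"):  # none = no auth requested at all
            findings.append(("AUTHTYPE", f"{scope}: AuthType {effective}"))
    if parse_version(version) < FIXED:
        findings.append(("VERSION", f"{version} predates 2.4.13"))
    return findings
```

Distribution packages often carry backported fixes under an older upstream version number, so confirm a VERSION finding against the vendor erratum before treating the host as unpatched.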


 Policy, Security & Broader Implications

  • Such flaws in printing systems are often overlooked in enterprise vulnerability programs, but they’re part of the attack surface (especially in offices, universities, governments).

  • Default network services listening or discovery protocols are a recurring theme in vulnerabilities. The risk model must include local network threat actors and compromised devices on the LAN.

  • Authentication bypasses are especially dangerous for regulatory compliance (GDPR, etc.) if print jobs or admin config leak.

  • Vendor disclosure and patch turnaround is relatively quick here, which is good; but checking for upstream library fixes (e.g. for libcups, cups filters) is necessary.


 CUPS Flaws Alert

Header: CyberDudeBivash Threat Intel
Main Title: CUPS Flaws – Remote DoS & Auth Bypass (CVE-2025-58364 / CVE-2025-58060)
Highlights:

  •  Null pointer deref → crash / DoS

  •  Auth bypass when AuthType ≠ Basic

  •  Version ≤ 2.4.12 vulnerable

  •  Patch to ≥ 2.4.13 immediately

