<div dir="ltr"><div>Hi,</div><div><br></div><div>Here's the SANS Institute info on this Linux kernel bug:</div><div><br></div><div><a href="https://isc.sans.edu/forums/diary/What+You+Need+To+Know+About+TCP+SACK+Panic/25046/">https://isc.sans.edu/forums/diary/What+You+Need+To+Know+About+TCP+SACK+Panic/25046/</a></div><div><br></div><div>Note that a print server that is forwarding from end print clients to</div><div>downstream printers could be open to this kernel panic bug, if it</div><div>supports Port 9100 printing.</div><div><br></div><div>Cheers,</div><div>- Ira</div><div><br></div><div><br></div><div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">Ira McDonald (Musician / Software Architect)<br>Co-Chair - TCG Trusted Mobility Solutions WG</div><div>Co-Chair - TCG Metadata Access Protocol SG<br></div><div dir="ltr">Chair - Linux Foundation Open Printing WG<br>Secretary - IEEE-ISTO Printer Working Group<br>Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG<br>IETF Designated Expert - IPP & Printer MIB<br>Blue Roof Music / High North Inc<br><a style="color:rgb(51,51,255)" href="http://sites.google.com/site/blueroofmusic" target="_blank">http://sites.google.com/site/blueroofmusic</a><br><a style="color:rgb(102,0,204)" href="http://sites.google.com/site/highnorthinc" target="_blank">http://sites.google.com/site/highnorthinc</a><br>mailto: <a href="mailto:blueroofmusic@gmail.com" target="_blank">blueroofmusic@gmail.com</a><br>PO Box 221 Grand Marais, MI 49839 906-494-2434<br><br><div style="display:inline"></div><div style="display:inline"></div><div style="display:inline"></div><div></div><div></div><div></div><div></div></div></div></div></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jun 19, 2019 at 11:10 AM Till Kamppeter <<a href="mailto:till.kamppeter@gmail.com">till.kamppeter@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Only the printers open port 9100 to receive jobs, a computer does never <br>
open this port for printer sharing. So is this secyrity issue about <br>
breaking into the printer then?<br>
<br>
Till<br>
<br>
<br>
On 19/06/2019 16:56, Ira McDonald wrote:<br>
> Hi,<br>
> <br>
> Of course, we don't encourage people to use Port 9100 (for example)<br>
> for printing, but this raw socket kernel panic looks like a serious issue.<br>
> <br>
> Cheers,<br>
> - Ira<br>
> <br>
> <br>
> ---------- Forwarded message ---------<br>
> From: *Dave New* <<a href="mailto:dave.new@fcagroup.com" target="_blank">dave.new@fcagroup.com</a> <mailto:<a href="mailto:dave.new@fcagroup.com" target="_blank">dave.new@fcagroup.com</a>>><br>
> Date: Wed, Jun 19, 2019 at 10:46 AM<br>
> Subject: raw socket Linux kernel panic<br>
> To: Ira McDonald <<a href="mailto:blueroofmusic@gmail.com" target="_blank">blueroofmusic@gmail.com</a> <mailto:<a href="mailto:blueroofmusic@gmail.com" target="_blank">blueroofmusic@gmail.com</a>>><br>
> <br>
> <br>
> Ira,<br>
> <br>
> Heard on the security now podcast this morning, there is a raw socket <br>
> Linux kernel panic that goes back about ten years. I noticed that you <br>
> are involved with the printing stuff, and I recall that includes raw <br>
> sockets, which might be likely exposed to the Internet (purposefully or <br>
> accidentally).<br>
> <br>
> What I understand is that the issue is in the kernel TCP stack, so there <br>
> may be little that can be done from the printer driver level, except <br>
> maybe close off the raw socket access until the kernels can be patched.<br>
> <br>
> Steve Gibson expects that by next week, an attack in the wild against <br>
> unpatched kernels will be featured front-and-center for his podcast.<br>
> <br>
> Thanks,<br>
> <br>
> -- DaveN<br>
> <br>
> <br>
> Dave New<br>
> <br>
> Advanced Senior Engineer<br>
> <br>
> E/E Wireless & Security<br>
> <br>
> <br>
> FCA US LLC<br>
> <br>
> CIMS 484-10-01<br>
> <br>
> 800 Chrysler Dr, Auburn Hills, MI USA 48326-2757<br>
> <br>
> USA<br>
> <br>
> <br>
> Telephone: +1 (248) 576 1591<br>
> <br>
> Mobile: +1 (248) 705 8701<br>
> <br>
> FAX: +1 (248) 576 8398<br>
> <br>
> <a href="mailto:Email%3Adave.new@fcagroup.com" target="_blank">Email:dave.new@fcagroup.com</a> <mailto:<a href="mailto:dave.new@fcagroup.com" target="_blank">dave.new@fcagroup.com</a>><br>
> <br>
> <br>
<br>
</blockquote></div>