Comments by "Pottenger\x27s Human" (@LTPottenger) on "is this exploit over hyped? (9.8 CVSS btw)" video.

  1. With the ipv6 exploit everyone ignored you can go to a page and it can spoof localhost which is what this daemon listens on, and send whatever it wants. So anyone with CUPS daemon and ipv6 who go to a page that exploits this are immediately hacked. This is why it's a pretty ridiculous setup and also why autoupdate software is pretty ridiculous. And these are just known exploits. We don't know if there are more and that it's set up intentionally behind the scenes. Linus was approached to make back doors and you better believe every other open source group is too, and not all of them are going to be as honest.
    1