Sep 27, 2024
Ravie Lakshmanan
Linux / Vulnerability
A set of critical security vulnerabilities has been uncovered in the OpenPrinting Common Unix Printing System (CUPS) on Linux platforms, opening the door for potential remote command execution in specific scenarios.
According to security researcher Simone Margaritelli, “A remote unauthenticated attacker can silently replace existing printers’ IPP urls with a malicious one, triggering arbitrary command execution when a print job is initiated.”
CUPS is a widely used, open-source printing system for Linux and Unix-like operating systems, making the impact of these vulnerabilities potentially widespread across various distributions.
The list of vulnerabilities includes:
- CVE-2024-47176 – cups-browsed <= 2.0.1 vulnerability
- CVE-2024-47076 – libcupsfilters <= 2.1b1 vulnerability
- CVE-2024-47175 – libppd <= 2.1b1 vulnerability
- CVE-2024-47177 – cups-filters <= 2.0.1 vulnerability
The combination of these vulnerabilities could allow an attacker to create a fake printing device on a Linux system running CUPS and execute arbitrary code by sending a print job.
According to network security company Ontinue, the vulnerabilities stem from inadequate validation of network data, allowing for the installation of a malicious printer driver and subsequent execution of malicious code with user-level privileges.
Although Red Hat confirmed that these flaws are present in all versions of Red Hat Enterprise Linux (RHEL), the default configurations are not vulnerable, which reduces the real-world impact.
Rapid7 emphasizes that exploiting these vulnerabilities requires UDP port 631 to be reachable, either from the public internet or from within a network segment, and the vulnerable service to be listening on it.
Palo Alto Networks confirmed that their products are not impacted by these vulnerabilities as they don’t include the CUPS-related software packages.
While patches are in development, it’s recommended to disable unnecessary services like cups-browsed and restrict traffic to UDP port 631 as a precaution.
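A defensive check for the exposure conditions and the precaution described above, as an added example that is not part of the original article: it parses `ss -H -uln` output for non-loopback UDP sockets bound to port 631 and reports whether cups-browsed is active. It assumes a systemd-based host with iproute2 installed; the function names and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a host for the exposure described in the article.
# Assumes systemd and iproute2 (ss); function names are hypothetical.

# Read `ss -H -uln` output on stdin; print each non-loopback local address
# that has a UDP socket bound to port 631.
exposed_udp631() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /:631$/) {            # first match is the local address column
                addr = $i
                sub(/:631$/, "", addr)
                if (addr !~ /^127\./ && addr != "[::1]") print addr
                break
            }
        }
    }'
}

# Constructed sample of `ss -H -uln` output (not captured from a real host).
SAMPLE_SS='UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.1:631 0.0.0.0:*
UNCONN 0 0 [::1]:631 [::]:*
UNCONN 0 0 0.0.0.0:1631 0.0.0.0:*
UNCONN 0 0 [::]:5353 [::]:*'

# Live check: report service state and any exposed listener.
audit_host() {
    if systemctl is-active --quiet cups-browsed; then
        echo "cups-browsed: active"
    else
        echo "cups-browsed: not active"
    fi
    exposed=$(ss -H -uln | exposed_udp631)
    if [ -n "$exposed" ]; then
        echo "UDP 631 bound on: $exposed"
        return 1
    fi
    echo "UDP 631: no non-loopback listener"
}

# Precaution named in the article (run as root after reviewing):
#   systemctl disable --now cups-browsed
#   iptables -A INPUT -p udp --dport 631 -j DROP

if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run it with `--audit` to check the live host; without arguments it only defines the functions, so `exposed_udp631` can be fed saved `ss` output collected from other machines.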
Benjamin Harris, CEO of WatchTowr, noted that the overall impact of these vulnerabilities on desktop machines running CUPS is lower than on server editions exposed to the internet.
Satnam Narang from Tenable stressed that while these vulnerabilities are serious, they are not on the same level as other well-known vulnerabilities like Log4Shell or Heartbleed. He also highlighted the importance of ongoing security research to uncover and address such vulnerabilities.
For organizations focusing on these latest issues, it’s crucial to prioritize known vulnerabilities that are actively exploited by threat actors to protect sensitive data and critical systems.