The article from The Hacker News discusses a set of critical security vulnerabilities in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems. These vulnerabilities, identified by four CVEs (CVE-2024-47176, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176), could allow remote command execution under certain conditions. Here is a summary of the key points:
– **Vulnerabilities Overview**: The vulnerabilities affect CUPS components such as `cups-browsed` and `cups-filters`, allowing an attacker to silently replace existing printers’ IPP URLs with malicious ones. This can lead to arbitrary command execution on the computer when a print job is started from that computer.
– **Attack Chain**: The attack involves several steps:
1. An attacker sends a specially crafted packet to a vulnerable server.
2. The packet causes the target to connect to a fake, attacker-controlled printer.
3. The fake printer sends back a malicious configuration file.
4. A victim user is tricked into starting a printing job on the target server.
5. The malicious configuration file executes arbitrary code.
– **Affected Systems**: CUPS is commonly used on various Linux distributions and other Unix-like systems, including ArchLinux, Debian, Fedora, Red Hat Enterprise Linux (RHEL), ChromeOS, FreeBSD, NetBSD, OpenBSD, openSUSE, and SUSE Linux.
– **Severity and Impact**: While the vulnerabilities are serious, they require specific conditions to be exploited, including manual user interaction in the form of tricking a user into printing from a malicious printer. The real-world impact is likely to be low unless the vulnerable service is exposed to the public internet or network segments.
– **Mitigations**: To mitigate these vulnerabilities, it is recommended to disable and remove the `cups-browsed` service if it is not necessary. Additionally, blocking or restricting traffic to UDP port 631 can help prevent exploitation.
– **Patches**: Patches for the vulnerabilities are currently being developed and are expected to be released in the coming days.
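
To verify the UDP port 631 mitigation on a host, the check below reads socket listings in the format printed by `ss -H -lun` and reports any listener on port 631 that is bound beyond loopback. It is an added example, not code from the article or from the CUPS project; the function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: find UDP/631 listeners reachable from the network.
# Input on stdin: lines as printed by `ss -H -lun`
# (columns: state, recv-q, send-q, local address:port, peer address:port).

# Print each local address bound to UDP/631 that is not loopback-only.
exposed_631() {
    awk '
    {
        local_addr = $4                 # e.g. 0.0.0.0:631, [::]:631
        n = split(local_addr, parts, ":")
        port = parts[n]                 # port is the last ":" field
        if (port != "631") next
        host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        sub(/%.*/, "", host)            # drop interface suffix such as %lo
        gsub(/\[/, "", host)            # drop IPv6 brackets
        gsub(/\]/, "", host)
        if (host ~ /^127\./ || host == "::1") next
        print local_addr
    }'
}

# Return 1 and name the sockets if UDP/631 is exposed, 0 otherwise.
audit_631() {
    hits=$(exposed_631)
    if [ -n "$hits" ]; then
        echo "UDP/631 bound beyond loopback: $(echo "$hits" | tr '\n' ' ')"
        return 1
    fi
    echo "no non-loopback UDP/631 listener"
}

# Constructed sample listing (not captured from a real host).
SAMPLE='UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.1:631 0.0.0.0:*
UNCONN 0 0 [::]:631 [::]:*
UNCONN 0 0 [::1]:631 [::]:*
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*'

printf '%s\n' "$SAMPLE" | audit_631 || true

# On a live host: ss -H -lun | audit_631
```

A clean result only shows that nothing is listening on the port at that moment; the service state and the firewall rule for UDP 631 still need to be checked separately.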