Critical CUPS Vulnerabilities in Linux Systems: Remote Code Execution Risks

The article from The Hacker News discusses a set of critical security vulnerabilities in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems. These vulnerabilities, identified by four CVEs (CVE-2024-47176, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176), could allow remote command execution under certain conditions. Here is a summary of the key points:

– **Vulnerabilities Overview**: The vulnerabilities affect CUPS components such as `cups-browsed` and `cups-filters`, allowing an attacker to silently replace existing printers’ IPP URLs with malicious ones. This can lead to arbitrary command execution on the computer when a print job is started from that computer.

– **Attack Chain**: The attack involves several steps:
1. An attacker sends a specially crafted packet to a vulnerable server.
2. The packet causes the target to connect to a fake, attacker-controlled printer.
3. The fake printer sends back a malicious configuration file.
4. A victim user is tricked into starting a printing job on the target server.
5. The malicious configuration file executes arbitrary code.

– **Affected Systems**: CUPS is commonly used on various Linux distributions and other Unix-like systems, including ArchLinux, Debian, Fedora, Red Hat Enterprise Linux (RHEL), ChromeOS, FreeBSD, NetBSD, OpenBSD, openSUSE, and SUSE Linux.

– **Severity and Impact**: While the vulnerabilities are serious, they require specific conditions to be exploited, including manual user interaction in the form of tricking a user into printing from a malicious printer. The real-world impact is likely to be low unless the vulnerable service is exposed to the public internet or network segments.

– **Mitigations**: To mitigate these vulnerabilities, it is recommended to disable and remove the `cups-browsed` service if it is not necessary. Additionally, blocking or restricting traffic to UDP port 631 can help prevent exploitation.

– **Patches**: Patches for the vulnerabilities are currently being developed and are expected to be released in the coming days.
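
To check a host against the two mitigations listed above (the `cups-browsed` service and UDP port 631), the following shell audit can be used. It is an added example, not code from the article or from OpenPrinting; the function names and the `audit.sh` file name are assumptions, and it relies on `systemctl` and `ss` being present on the host.

```shell
#!/bin/sh
# Added example, not from the article. Audits the two mitigations above.

# Reads `ss -uln` output on stdin. Prints one line per UDP socket bound to
# port 631, tagged "exposed" (wildcard or non-loopback address) or "loopback".
# Exit status 0 means at least one exposed listener was found.
udp631_exposure() {
    awk '
    {
        local_addr = ""
        # The local address is the first field that ends in ":<digits>";
        # the peer column of a listening UDP socket ends in ":*".
        for (i = 1; i <= NF; i++)
            if ($i ~ /:[0-9]+$/) { local_addr = $i; break }
        if (local_addr == "") next
        port = local_addr; sub(/^.*:/, "", port)
        if (port != "631") next
        host = local_addr; sub(/:[0-9]+$/, "", host)
        if (host ~ /^127\./ || host == "[::1]") {
            print "loopback " local_addr
        } else {
            print "exposed " local_addr
            found = 1
        }
    }
    END { exit (found ? 0 : 1) }'
}

# Live check: service state plus listener exposure on this host.
audit_live() {
    echo "cups-browsed active:  $(systemctl is-active cups-browsed 2>/dev/null || true)"
    echo "cups-browsed enabled: $(systemctl is-enabled cups-browsed 2>/dev/null || true)"
    if ss -uln | udp631_exposure; then
        echo "ACTION: UDP 631 is bound beyond loopback."
        echo "  systemctl disable --now cups-browsed   # then remove the package if unused"
        echo "  or drop inbound UDP 631 at the host or network firewall"
    else
        echo "OK: no non-loopback listener on UDP 631."
    fi
}

# Run the live audit only when asked, e.g. `sh audit.sh --live` (hypothetical file name).
if [ "${1:-}" = "--live" ]; then audit_live; fi
```

A listener bound only to loopback is reported but not flagged, since it is not reachable from other hosts.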
