Printing documents on Linux leads to computer hijacking

Friend

Researchers are shocked by the ease of exploitation of the vulnerability found.

Recently, a critical vulnerability in the CUPS Unix printing system was disclosed, affecting many Linux systems around the world. The vulnerability could lead to computer hijacking over a network or the Internet when starting a document print job. The problem is exacerbated by the fact that updates to fix the problem are not yet available.

Security researcher Simone Margaritelli, who discovered and reported these vulnerabilities, published a detailed description of them. The vulnerabilities affect most Linux distributions, some versions of BSD, and possibly ChromeOS and Solaris. The critical threat comes from the cups-browsed component, which can be used by attackers to take over the system at the start of a print job.

For successful exploitation, an attacker needs access to the CUPS service on port 631 and must wait for a print job to start on the affected system. If this port is unreachable, it is possible to spoof zeroconf, mDNS or DNS-SD for the attack instead.

In total, the researcher identified four vulnerabilities:
  • CVE-2024-47176 (cups-browsed prior to version 2.0.1): Uncontrolled access to UDP port 631.
  • CVE-2024-47076 (libcupsfilters prior to version 2.1b1): Missing attribute validation when executing IPP requests.
  • CVE-2024-47175 (libppd): Missing attribute validation when writing to a PPD file.
  • CVE-2024-47177 (cups-filters prior to version 2.0.1): Ability to execute commands from PPD file data.

Chaining these vulnerabilities allows an attacker to send a packet to port 631, force the affected system to contact the attacker's server, deliver malicious data, and, when printing starts, execute malicious commands.

Although the threat seems significant, exploitation requires interaction from the user, who must start a print job. According to Margaritelli, the vulnerability probably does not reach the claimed CVSS score of 9.9 out of 10, as previously assumed, but still poses a threat.

According to watchTowr founder Benjamin Harris, the security flaws identified affect only a small percentage of Linux systems accessible from the Internet. However, he recommends that organizations check their systems to avoid possible cybersecurity incidents.

Margaritelli himself suggests taking the following steps to protect yourself:
  • Disable or delete the cups-browsed service;
  • Block access to UDP port 631 and DNS-SD;
  • Update CUPS when patches are released.

Notably, Margaritelli faced a number of challenges when reporting the vulnerability to CUPS. Despite the severity of the problem, which was confirmed by companies such as Canonical and Red Hat, CUPS developers were reluctant to accept information about the bugs found.

Instead of fixing the vulnerabilities quickly, Margaritelli said, they preferred to argue about whether some of them affected security and were condescending toward the researcher's remarks. Margaritelli sees this situation as an example of how not to handle vulnerability disclosure, and emphasizes the responsibility borne by developers of software that has been running for more than 20 years on many devices around the world.

Until the necessary patches are released, it is recommended that you take the suggested measures to minimize the risks.
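
One way to check a host against the first two suggested measures, as an added example that is not part of the original post or of the CUPS project. It assumes iproute2's `ss` and systemd's `systemctl`; the function name `exposed_udp631` and the sample socket listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a host for a cups-browsed listener on UDP 631.

# Read `ss -H -uln` output on stdin and print every non-loopback local
# address bound to UDP 631. Exit status 0 means at least one was found.
exposed_udp631() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /:631$/) {      # first match is the local address
                    addr = $i
                    sub(/:631$/, "", addr)
                    if (addr !~ /^127\./ && addr != "[::1]") {
                        print addr
                        found = 1
                    }
                    break
                }
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed samples of `ss -H -uln` output (not taken from a real host).
SAMPLE_EXPOSED='UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*'
SAMPLE_LOCAL='UNCONN 0 0 127.0.0.1:631 0.0.0.0:*
UNCONN 0 0 [::1]:631 [::]:*'

# Live check: run the script with --check on the host being audited.
if [ "${1:-}" = "--check" ]; then
    if systemctl is-active --quiet cups-browsed 2>/dev/null; then
        echo "cups-browsed is running: stop and disable it"
    fi
    if ss -H -uln | exposed_udp631; then
        echo "UDP 631 is bound on the addresses above: block it at the firewall"
    else
        echo "no non-loopback listener on UDP 631"
    fi
fi
```

A listener on `0.0.0.0` or `[::]` means the port is bound on every interface, so the firewall rule matters even where the service is expected to be used only on the local network.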
