Linux systems running the CUPS (Common Unix Printing System) printing system are vulnerable to a critical exploit that enables attackers to execute code remotely.
Security researcher Simone Margaritelli disclosed several unpatched vulnerabilities affecting Linux systems.
“A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP (Internet Printing Protocol) URLs with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer),” the researcher said in a report.
Some initial assessments indicated a severity score of 9.9 out of 10. NIST’s National Vulnerability Database assigned scores ranging from 8.6 to 9 out of 10.
* Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
* Full disclosure happening in less than 2 weeks (as agreed with devs).
* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).
* Still no working fix.
* Canonical, RedHat and… pic.twitter.com/N2d1rm2VeR
Simone Margaritelli (@evilsocket), September 23, 2024
Margaritelli warns that at least 200-300,000 unique Internet-facing systems could become targets. The CUPS components are widespread, and the vulnerabilities affect most GNU/Linux distributions and some other UNIX systems.
The researcher recommends disabling and removing the `cups-browsed` service, which discovers new printers and automatically adds them to the system, and updating the CUPS package.
“In case your system can’t be updated and for some reason you rely on this service, block all traffic to UDP port 631 and possibly all DNS-SD traffic.”
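The check below is an added example, not code from the researcher or the CUPS project: it reports whether `cups-browsed` is active and whether anything listens on UDP port 631 on a non-loopback address. The function names and the OK/REVIEW/EXPOSED labels are assumptions of this example, and the `ss` sample is constructed.

```shell
#!/bin/sh
# Added example: audit a host for the cups-browsed exposure discussed above.
# Function names and the OK/REVIEW/EXPOSED labels are this example's own.

# Read `ss -H -uln` output on stdin and print every local address that
# listens on UDP 631 and is not bound to loopback only.
exposed_udp_631() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /:631$/) {
               if ($i !~ /^(127\.|\[::1\])/) print $i
               break } }'
}

# $1: state from `systemctl is-active cups-browsed`; $2: exposed listeners.
verdict() {
    if [ "$1" = "active" ] && [ -n "$2" ]; then echo "EXPOSED"
    elif [ "$1" = "active" ] || [ -n "$2" ]; then echo "REVIEW"
    else echo "OK"
    fi
}

# Constructed sample of `ss -H -uln` output, for offline testing.
sample_ss_output() {
    cat <<'EOF'
UNCONN 0 0 127.0.0.1:631 0.0.0.0:*
UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
UNCONN 0 0 [::]:631 [::]:*
UNCONN 0 0 [::1]:631 [::]:*
EOF
}

# Query the live host (needs systemd and iproute2).
audit_host() {
    state=$(systemctl is-active cups-browsed 2>/dev/null || true)
    listeners=$(ss -H -uln 2>/dev/null | exposed_udp_631)
    verdict "$state" "$listeners"
}

# Only touch the live system when asked to: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit_host; fi

# Mitigations named in the text, one common way to apply them (run as root):
#   systemctl disable --now cups-browsed
#   iptables -A INPUT -p udp --dport 631 -j DROP
```

A REVIEW result means only one of the two conditions holds, for example the service is active but no non-loopback listener was found.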
The author also criticized the CUPS developer community for dismissing the issues and their severity, which led to public disclosure.
According to NIST, the four vulnerabilities in `cups-browsed` can be part of an exploit chain leading to remote code execution (RCE).
“This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled,” the vulnerability description reads.