Linux Remote Code Execution Flaw In CUPS

A recent set of vulnerabilities has been discovered in the Common UNIX Printing System (CUPS), which is widely used on Linux and other Unix-like operating systems. These flaws, tracked as CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177, can potentially allow attackers to execute arbitrary code on vulnerable systems through remote exploitation. The primary issue lies in the “cups-browsed” component, which, under specific configurations, allows unauthorized network access to install malicious printer drivers and execute code when a print job is initiated.

The vulnerabilities are not exploitable on systems with default configurations, as the “cups-browsed” service is typically disabled. However, if this service is enabled, attackers can target machines with open UDP port 631, which is used for network printing. The malicious code runs with the privileges of the “lp” user, rather than root, limiting the damage somewhat. Nevertheless, systems that allow remote printing over networks are at risk, especially servers and desktops exposed to the internet.

While no patches have been released yet, administrators are advised to mitigate the risks by disabling the “cups-browsed” service, blocking UDP port 631, and applying security updates as soon as they are available. This vulnerability has a high CVSS score of 9.9, indicating critical severity, but its real-world impact is expected to be limited due to the specific conditions required for successful exploitation.

Security researchers recommend swift action to secure vulnerable systems, particularly those in enterprise environments, as attackers could use this flaw to gain access to sensitive data or disrupt operations

Threads
X
Email
Print