A brand new set of safety vulnerabilities has been disclosed within the OpenPrinting Widespread Unix Printing System (CUPS) on Linux techniques that might allow distant command execution below sure circumstances.
“A distant unauthenticated attacker can silently exchange current printers’ (or set up new ones) IPP urls with a malicious one, leading to arbitrary command execution (on the pc) when a print job is began (from that pc),” safety researcher Simone Margaritelli stated.
CUPS is a standards-based, open-source printing system for Linux and different Unix-like working techniques, together with ArchLinux, Debian, Fedora, Crimson Hat Enterprise Linux (RHEL), ChromeOS, FreeBSD, NetBSD, OpenBSD, openSUSE, and SUSE Linux.
The record of vulnerabilities is as follows –
- CVE-2024-47176 – cups-browsed <= 2.0.1 binds on UDP INADDR_ANY:631 trusting any packet from any supply to set off a Get-Printer-Attributes IPP request to an attacker-controlled URL
- CVE-2024-47076 – libcupsfilters <= 2.1b1 cfGetPrinterAttributes5 doesn’t validate or sanitize the IPP attributes returned from an IPP server, offering attacker-controlled information to the remainder of the CUPS system
- CVE-2024-47175 – libppd <= 2.1b1 ppdCreatePPDFromIPP2 doesn’t validate or sanitize the IPP attributes when writing them to a brief PPD file, permitting the injection of attacker-controlled information within the ensuing PPD
- CVE-2024-47177 – cups-filters <= 2.0.1 foomatic-rip permits arbitrary command execution by way of the FoomaticRIPCommandLine PPD parameter
A web consequence of those shortcomings is that they could possibly be usual into an exploit chain that enables an attacker to create a malicious, faux printing gadget on a network-exposed Linux system working CUPS and set off distant code execution upon sending a print job.
“The problem arises attributable to improper dealing with of ‘New Printer Out there’ bulletins within the ‘cups-browsed’ element, mixed with poor validation by ‘cups’ of the data offered by a malicious printing useful resource,” community safety firm Ontinue stated.
“The vulnerability stems from insufficient validation of community information, permitting attackers to get the susceptible system to put in a malicious printer driver, after which ship a print job to that driver triggering execution of the malicious code. The malicious code is executed with the privileges of the lp consumer – not the superuser ‘root.'”
RHEL, in an advisory, stated all variations of the working system are affected by the 4 flaws, however famous that they don’t seem to be susceptible of their default configuration. It tagged the problems as Necessary in severity, provided that the real-world impression is prone to be low.
“By chaining this group of vulnerabilities collectively, an attacker may doubtlessly obtain distant code execution which may then result in theft of delicate information and/or harm to essential manufacturing techniques,” it stated.
Cybersecurity agency Rapid7 identified that affected techniques are exploitable, both from the general public web or throughout community segments, provided that UDP port 631 is accessible and the susceptible service is listening.
Palo Alto Networks has disclosed that none of its merchandise and cloud providers include the aforementioned CUPS-related software program packages, and due to this fact usually are not impacted by the failings.
Patches for the vulnerabilities are at present being developed and are anticipated to be launched within the coming days. Till then, it is advisable to disable and take away the cups-browsed service if it isn’t essential, and block or limit visitors to UDP port 631.
“It appears just like the embargoed Linux unauth RCE vulnerabilities which have been touted as doomsday for Linux techniques, could solely have an effect on a subset of techniques,” Benjamin Harris, CEO of WatchTowr, stated in a press release shared with The Hacker Information.
“Given this, whereas the vulnerabilities when it comes to technical impression are severe, it’s considerably much less possible that desktop machines/workstations working CUPS are uncovered to the Web in the identical method or numbers that typical server editions of Linux could be.”
Satnam Narang, senior workers analysis engineer at Tenable, stated these vulnerabilities usually are not at a degree of a Log4Shell or Heartbleed.
“The fact is that throughout quite a lot of software program, be it open or closed supply, there are a numerous variety of vulnerabilities which have but to be found and disclosed,” Narang stated. “Safety analysis is important to this course of and we will and may demand higher of software program distributors.”
“For organizations which can be honing in on these newest vulnerabilities, it is necessary to focus on that the failings which can be most impactful and regarding are the recognized vulnerabilities that proceed to be exploited by superior persistent risk teams with ties to nation states, in addition to ransomware associates which can be pilfering companies for hundreds of thousands of {dollars} annually.”