September 27, 2024 at 09:24AM
New security vulnerabilities in CUPS on Linux systems permit remote command execution. Attackers can exploit these issues to install fake printers and execute malicious code, potentially leading to data theft or system damage. The vulnerabilities affect RHEL but do not impact Palo Alto Networks products. Patches are forthcoming, and temporary solutions include disabling cups-browsed and restricting UDP port 631 traffic.
The OpenPrinting Common Unix Printing System (CUPS) on Linux has a set of security vulnerabilities that could lead to remote command execution. They are tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177. Together they could allow an attacker to create a fake printing device on a network-exposed Linux system running CUPS and execute remote code when a print job is sent.
RHEL has advised that all versions of the operating system are affected by these flaws, although they are not vulnerable in their default configuration. RHEL has tagged this as an “Important” severity issue, but the real-world impact is likely to be low. Cybersecurity firms Rapid7 and Palo Alto Networks have also highlighted the exploitability of affected systems and confirmed the absence of the vulnerabilities in their products and cloud services.
Patches for these vulnerabilities are currently being developed and are expected to be released in the coming days. In the meantime, organizations are advised to consider disabling and removing the cups-browsed service if it is not needed, and to block or restrict traffic to UDP port 631.
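As an added example (not part of the original article), the shell script below checks whether a host has a UDP 631 listener reachable beyond loopback, which is the condition the interim mitigations address. The function names and the sample `ss` lines are constructed for illustration; the live mode assumes a systemd host with iproute2's `ss` installed.

```shell
#!/bin/sh
# Added example (not from the article): check whether a host still needs the
# interim mitigations, i.e. something listens on UDP 631 beyond loopback.

# Constructed sample in the layout of `ss -H -uln`; not captured from a real host.
SAMPLE_SS='UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.1:631 0.0.0.0:*
UNCONN 0 0 [::]:631 [::]:*
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*'

# Read socket lines on stdin; print "<scope> <address>" per UDP 631 listener.
classify_udp631() {
  awk '{
    for (i = 1; i <= NF; i++) {
      if ($i ~ /:631$/) {            # first match is the local address column
        addr = $i
        sub(/:631$/, "", addr)
        loop = (addr ~ /^127\./ || addr == "[::1]" || addr ~ /%lo$/)
        scope = loop ? "loopback" : "exposed"
        print scope, addr
        break
      }
    }
  }'
}

# Succeeds (exit 0) when at least one listener is bound beyond loopback.
udp631_exposed() {
  classify_udp631 | grep -q '^exposed '
}

# Live check; run the script with --live on the host being assessed.
audit_live() {
  if command -v systemctl >/dev/null 2>&1; then
    echo "cups-browsed: $(systemctl is-active cups-browsed 2>/dev/null || true)"
  fi
  if ss -H -uln | udp631_exposed; then
    echo "UDP 631 bound beyond loopback: disable cups-browsed or filter the port"
    echo "  e.g. systemctl disable --now cups-browsed"
  else
    echo "no non-loopback UDP 631 listener found"
  fi
}

if [ "${1:-}" = "--live" ]; then
  audit_live
else
  printf '%s\n' "$SAMPLE_SS" | classify_udp631
fi
```

A wildcard bind (`0.0.0.0` or `[::]`) is reported as exposed even when a host firewall already filters the port, so confirm the firewall rule separately.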
Furthermore, the potential impact of these vulnerabilities has been discussed by industry experts, with Benjamin Harris highlighting that the vulnerabilities may only affect a subset of Linux systems, and Satnam Narang emphasizing the need for better security measures in software development and the ongoing risk from known vulnerabilities exploited by threat groups.