September 27, 2024 at 06:21AM
Researcher Simone Margaritelli revealed an unauthenticated remote code execution (RCE) vulnerability affecting all GNU/Linux systems, initially considered highly critical. The flaw, related to OpenPrinting’s Common UNIX Printing System (CUPS), was later disclosed alongside its CVE identifiers. Exploitation requires certain conditions and mitigating factors lower the real-world applicability and severity of the issue.
From the meeting notes, the key takeaways are:
– Researcher Simone Margaritelli disclosed a remote code execution (RCE) vulnerability affecting all GNU/Linux systems, which was later found to be related to CUPS.
– Four CUPS vulnerabilities have been disclosed and assigned CVE identifiers: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177.
– Red Hat stated that the vulnerabilities have a ‘high’ severity rating rather than a ‘critical’ rating based on revised CVSS scores, and there are significant mitigating factors.
– Exploitation of the vulnerabilities requires manual enabling of the impacted CUPS services, access to a vulnerable server, provision of a malicious printer, and the victim to start a print job.
– Managed extended detection and response firm Ontinue’s analysis suggests that the real-world applicability of the vulnerabilities is low and that the issue is urgent only for Linux systems printing often.
– Patches for the vulnerabilities have not been released, but there are some easy mitigations, including running commands to stop vulnerable services and blocking traffic to UDP port 631 and DNS-SD traffic.
Please let me know if you require any additional information or clarification.