https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
A series of vulnerabilities has been discovered in the CUPS (Common Unix Printing System) open-source printing software that could potentially allow attackers to execute code remotely on vulnerable systems.
These vulnerabilities, however, require specific conditions to be exploited and are unlikely to have a widespread impact.
Here’s a breakdown of the situation:
- The vulnerabilities: Four vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177) can be chained together to achieve remote code execution (RCE).
- Impact: For the vulnerabilities to be exploited, several things need to happen:
  - The cups-browsed daemon, which is not enabled by default, must be running on the targeted system.
  - An attacker must trick a user on the system into printing to a malicious printer that appears on their network.
- Mitigation: Disabling the cups-browsed service significantly reduces the risk. Red Hat has shared specific commands to stop and disable the service.
- Severity: Due to the limited exploitability, Red Hat has rated the vulnerabilities as having an “Important” severity impact, not critical.
Security experts advise users and administrators to check if the cups-browsed service is running and disable it if not needed. While patches are still under development, this mitigation measure significantly reduces the risk of exploitation.
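The check described above can be scripted per host. The following is an added example, not taken from the article or from Red Hat's advisory; it assumes a systemd-based host with `ss` available, and the function names are hypothetical. The UDP port 631 listener check reflects the default port of cups-browsed, which this page does not state.

```shell
#!/bin/sh
# Added example: audit one host for the cups-browsed precondition.

# Map `systemctl is-active` / `systemctl is-enabled` output to a verdict.
# $1 = is-active output, $2 = is-enabled output
classify_cups_browsed() {
    if [ "$1" = "active" ]; then
        echo "RUNNING"            # precondition is met right now
    elif [ "$2" = "enabled" ]; then
        echo "STARTS_ON_BOOT"     # stopped, but returns after a reboot
    else
        echo "NOT_RUNNING"
    fi
}

# Read `ss -H -ulnp` output on stdin and print each local address where a
# cups-browsed process holds UDP port 631 (assumed default port).
# Process names only appear in ss output when it is run as root.
cups_browsed_udp_listeners() {
    awk '/"cups-browsed"/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /:631$/) { print $i; break }
    }'
}

# Live audit: query the local system and print the remediation commands.
audit_host() {
    active=$(systemctl is-active cups-browsed 2>/dev/null)
    enabled=$(systemctl is-enabled cups-browsed 2>/dev/null)
    verdict=$(classify_cups_browsed "$active" "$enabled")
    echo "cups-browsed: $verdict (active=$active enabled=$enabled)"
    ss -H -ulnp 2>/dev/null | cups_browsed_udp_listeners |
        while read -r addr; do echo "  listening on udp $addr"; done
    if [ "$verdict" != "NOT_RUNNING" ]; then
        echo "  if printer discovery is not needed, run as root:"
        echo "    systemctl stop cups-browsed"
        echo "    systemctl disable cups-browsed"
    fi
}

# Only touch the live system when explicitly asked to.
if [ "${1:-}" = "--live" ]; then
    audit_host
fi
```

Run it with `--live` as root to audit the local machine; the `STARTS_ON_BOOT` verdict covers hosts where the service was stopped but never disabled.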
It’s important to note that CUPS is a widely used printing system on Linux and Unix-like operating systems. However, the specific configuration required for this exploit to work makes widespread impact unlikely.