Network Security, Vulnerability Management, Patch/Configuration Management

CUPS vulnerabilities put Linux systems at risk of remote code execution

Share
Adobe Stock

A new set of vulnerabilities were discovered in a common component of Linux systems.

Researcher Simone Margaritelli disclosed four vulnerabilities in the Common Unix Printing System (CUPS) that could allow for remote code execution.

Dating back to the days of Unix systems, CUPS functions as the common interface for linking computers with printers. It made its way into Unix and is now a common component in everything from servers to PCs.

“A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer),” Margaritelli explained.

The four flaws were designated CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177. While each describes a slightly different condition, the end result is the same: a remote attacker can manipulate printer commands to send arbitrary instructions to a targeted machine.

While it is commonly agreed that the vulnerability can allow for remote code execution, there is some debate as to the real-world severity of the flaws. The most severe were given a 9.9 CVSS rating.

Some experts believe that the rating was a bit heavy handed and, in real-world terms, the flaws were not all they were made out to be. Researchers with security company Ontinue noted that there are some qualifications for an attack to take place.

“In order to leverage this vulnerability, an attacker would need to access the vulnerable system from the local network, or access it from the internet through a promiscuous firewall ‘NAT’ rule,” said the Ontinue team.

“In turn the vulnerable system must be permitted to contact a device (controlled by the attacker) which hosts a malicious printer driver.”

Margaritelli also walked back the importance of the flaw, noting that ratings are not always a reflection of real-world danger.

“I’m not an expert, and I think that the initial 9.9 was mostly due to the fact that the RCE is trivial to exploit and the package presence so widespread,” the researcher said.

“Impact-wise, I wouldn’t classify it as a 9.9," said Margaritelli. "But then again, what the hell do I know?”

Ratings aside, Linux users and administrators would be well-advised to install the latest updates for all of their firmware and dependencies.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.
Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.