A recent discovery by security researcher Simone Margaritelli has unveiled four critical vulnerabilities in the Common UNIX Printing System (CUPS) that could potentially allow remote code execution on Linux systems. Despite the severity of these vulnerabilities, no patches have been released yet.

The vulnerabilities, tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, were detailed in Margaritelli’s recent blog post. These vulnerabilities can be chained together to enable arbitrary command execution on affected systems, which includes Linux systems, Oracle Solaris, most UNIX systems, and potentially Google Chromium and Chrome OS.

Margaritelli’s discovery stemmed from the “cups-browsed” feature within CUPS, responsible for automatically adding new printers to the system. By exploiting the Internet Printing Protocol (IPP), Margaritelli found that he could add a fake printer to the list without notifying the user. This could potentially lead to a remote unauthenticated attacker replacing or adding IPP URLs with malicious ones, resulting in arbitrary command execution on the affected computer.

In light of these vulnerabilities, Margaritelli published a proof-of-concept exploit to raise awareness. However, affected Linux distributors and software vendors have yet to release any patches to address the issue. Margaritelli initially intended to disclose the vulnerabilities on October 6th but was forced to do so earlier due to a leak of his research to the public.

The severity of these vulnerabilities remains uncertain, with Margaritelli mentioning a severity rating of 9.9 according to Canonical, RedHat, and others. However, there is varying information about how severity scores are determined, and Red Hat did not provide scores in their public advisory for the CUPS flaws.

Tenable further expanded on the vulnerabilities in a separate blog post, rating one flaw (CVE-2024-47177) as critical with a 9.1 CVSS score, while the other three were deemed high severity. Despite concerns raised within the infosec community, Tenable suggested that the vulnerabilities may not be as severe as the Log4Shell vulnerability discovered in 2021.

While Tenable identified around 75,000 internet-accessible hosts running CUPS, they clarified that the flaws were not exploited as zero-days. They recommended disabling the cups-browsed service and blocking traffic to UDP port 631, which is used by CUPS for communication.

Additionally, Rapid7 addressed the vulnerabilities in their own blog post, anticipating patches to be released in the coming days. They cautioned users about potential malicious activities as technical details of the vulnerabilities were leaked before public disclosure.

As organizations await patches for these critical vulnerabilities, security experts advise users to stay informed by reading advisory notices from vendors like Red Hat and take necessary precautions to mitigate the risks associated with these flaws.

Извор линк