CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177
Official statements:
-
Red Hat Official ☛ Red Hat’s response to OpenPrinting CUPS vulnerabilities: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177
Red Hat has been made aware of a group of vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177) within OpenPrinting CUPS, an open source printing system that is prevalent in most modern Linux distributions, including RHEL. Specifically, CUPS provides tools to manage, discover and share printers for Linux distributions. By chaining this group of vulnerabilities together, an attacker could potentially achieve remote code execution which could then lead to theft of sensitive data and/or damage to critical production systems.
-
Ubuntu ☛ CUPS Remote Code Execution Vulnerability Fix Available
Canonical’s security team has released updates for the cups-browsed, cups-filters, libcupsfilters and libppd packages for all Ubuntu LTS releases under standard support. The updates remediate CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, while CVE-2024-47177 is addressed by the other 3 vulnerabilities being patched. Information on the affected versions can be found in the CVE pages linked above. If you have any of these installed, our recommendation is to update as soon as possible. Read on to learn more about the details. Security updates for ESM releases will be released shortly.
Update
Hype noted:
-
Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected
A researcher has disclosed the details of an unpatched vulnerability that had been expected to pose a serious threat to many Linux systems, but it turned out to be less serious than anticipated.
On September 23, researcher Simone Margaritelli revealed that he would — in less than two weeks — disclose the details of an unauthenticated remote code execution (RCE) vulnerability affecting all GNU/Linux systems. He noted that the flaw had been assigned a CVSS score of 9.9, which led many members of the cybersecurity industry to believe that it would be a highly critical, high-impact issue.
Margaritelli indicated at the time that he was displeased with the entire responsible disclosure process, noting that no working fix had been developed, and no CVE identifier had been assigned.
Shortly after, information on the vulnerability was leaked on GitHub and it started circulating on cybercrime forums. As a result, the researcher disclosed technical details and published a proof-of-concept (PoC) exploit on Thursday.
Lunduke, who hyped it up:
-
The "9.9" Linux Vulnerability Revealed: It's The Printers
Remote attacker can execute code by simply sending a UDP packet to a GNU/Linux machine.
LWN:
-
Remote exploit of CUPS
Security researcher Simone Margaritelli has reported a new vulnerability in CUPS, the software that many GNU/Linux systems use to manage printers and print jobs. Margaritelli describes the impact of the attack by saying: “A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer).” The vulnerability relies on a few related problems in CUPS libraries and utilities; versions before 2.0.1 or 2.1b1 (depending on the component) may be affected. Red Hat has released a security bulletin as well.
A couple more:
-
Printer bug sends researchers into uproar, affects major GNU/Linux distros
The vulns would allow attackers to run any commands on targeted computers without user knowledge. But it would take a lot of work to get to that point.
The post Printer bug sends researchers into uproar, affects major GNU/Linux distros appeared first on CyberScoop.
-
Patch for Critical CUPS vulnerability: Don't Panic, (Thu, Sep 26th)
Good title:
-
You're probably not vulnerable to the CUPS CVE
Unless your servers can print for some reason
OMGJoey:
-
Ubuntu Patches ‘Severe’ Security Flaw in CUPS
If you’ve cast a half-glazed eye over Linux social media feeds at some point in the past few days you may have caught wind that a huge Linux security flaw was about to be disclosed.
-
CUPS flaws enable Linux remote code execution, but there’s a catch
-
That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices
-
Critical 9.9 Linux bug: CUPS your ears, the details are here!
-
Old Vulnerability Rated 9.9 Impacts All GNU/Linux Systems, Researcher Claims
-
Red Hat Warns About Remote Code Execution Flaws Impacting Enterprise Linux
-
Linux nerds in existential crisis
-
FYSA – Critical RCE Flaw in GNU-Linux Systems
The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service.
More:
GoL:
-
Major flaw found in CUPS - time to run Linux system updates
Yesterday details went public about a major security issue that was found in CUPS, the open source printing system.
Misleading title:
-
New Cups Exploit Makes Desktop GNU/Linux Users Particularly Vulnerable — Update Now
By taking advantage of four separate vulnerabilities, an attacker can take control of a GNU/Linux system without having physical access to the targeted machine.
In reality, almost nobody is threatened by the CUPS holes because many assumptions are made about the setup (it's rare).
Lots more today, but mostly nonsense and drama (hype):
-
Remote code execution exploit for CUPS printing service puts Linux desktops at risk
-
Worried about that critical RCE Linux bug? Here's why you can relax
-
A quartet of Linux CVEs draws exploit fears among open source community
-
CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE
-
Printing vulnerability affecting Linux distros raises alarm
-
CUPS vulnerabilities could put Linux systems at risk
-
Linux Distros Patching Printer Hijacking Flaw
-
OpenPrinting CUPS Flaws Hit Major Linux Distributions
-
Unauthenticated RCE Flaw Impacts all Linux Systems – Details Revealed
-
CUPS flaws allow remote code execution on Linux systems under certain conditions
-
PSA: Critical 9.9 vulnerability discovered in the CUPS package (Linux)
-
Four flaws in CUPS with no patch immediately available.
-
Printing feature in Linux vulnerable to RCE attack
Nostalgia:
-
The CUPS vulnerability is oddly nostalgic
We all joke about how bad printers are, save for Brother units. It’s weird to think even they can be a vector for attack, indirectly or otherwise. But I suppose as Mikko Hypponen says, if it’s smart, it’s vulnerable.
Almost nothing left today:
-
Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution
A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions.
Only a trickle by now:
-
How to Safeguard Your Systems from Linux CUPS Vulnerabilities
On September 23rd, a security researcher named Simone Margaritelli (evilSocket on X) disclosed 4 vulnerabilities in OpenPrinting Common Unix Printing System (CUPS), a modular printing system for Unix-like operating systems that enables users to manage printers and print jobs. Due to an inadequate response from the developers following the responsible disclosure process, Margaritelli decided to publish the vulnerabilities publicly.
-
Critical printing system bugs affect hundreds of thousands of Linux machines
Linux systems running a printing system CUPS (Common Unix Printing System) are vulnerable to a critical exploit, enabling attackers to run remote code.
Security researcher Simone Margaritelli disclosed several unpatched vulnerabilities affecting Linux systems.
“A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP (Internet Printing Protocol) URLs with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer),” the researcher said in a report.
New flavour of the FUD:
-
After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks
Over 58,000 internet-exposed CUPS hosts can be abused for significant DDoS attacks, according to Akamai.
Lots of FUD now:
-
The Linux disaster that almost was [Ed: Pure FUD from a Microsoft propaganda site; they're hyping up a nothingburger]
-
Decade-Old Linux Vulnerability Can Be Exploited for DDoS Attacks on CUPS [Ed: CUPS is Apple, not "Linux", and almost nobody is impacted by this]