Oddbean new post about | logout
 CUPS flaws enable Linux remote code execution, but there’s a catch

Simone Margaritelli, a cybersecurity researcher and Linux developer, claims to have found a decade-old vulnerability rated 9.9 that affects all GNU/Linux systems, allowing attackers to gain control of vulnerable devices.

Margaritelli found that if the CUPS (short for Common UNIX Printing System) - browsed daemon is enabled, which is not on most systems, it will listen on UDP port 631. It will also, by default, allow remote connections from any device on the network to create a new printer.

But there is a catch! "It is a chain of bugs that rely on spoofing a printer in your local network that is automatically added via network discovery if it is turned on at all - usually not in its default configuration. Then an unverified variable that is used to exploit other vulnerabilities in the CUPS system to execute code, but only when a print job is triggered," said Ilkka Turunen, Field CTO at Sonatype.

While patches are still in development, Red Hat shared mitigation measures requiring admins to stop the cups-browsed service from running and prevent it from being started on reboot.

https://hackread.com/old-vulnerability-9-9-impacts-all-gnu-linux-systems/
 https://www.bleepingcomputer.com/news/security/cups-flaws-enable-linux-remote-code-execution-but-theres-a-catch/
 https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html

#security #cybersecurity