A critical vulnerability has been discovered in the Linux system CUPS (Common Unix Printing System), which could allow hackers to remotely hijack devices connected to the internet or local network. The bug, known as CVE-2024-47176, is a result of a misconfigured server listening on UDP port 631 and trusting packets from any source.
Discovered by software developer Simone Margaritelli, the vulnerability can be exploited if a user starts a print job. The attacker would need to reach the CUPS service on UDP port 631 or spoof zeroconf advertisements to achieve exploitation.
To mitigate this risk, users are advised to:
– Disable and/or remove the cups-browsed service
– Update their CUPS installation with security updates (if available)
– Block access to UDP port 631 and consider blocking off DNS-SD
The bug affects most Linux distributions, some BSDs, possibly Google ChromeOS, Oracle’s Solaris, and potentially others. However, users who do not use cups-browsed or CUPS are not at risk.
Simone Margaritelli has warned that the vulnerability is not a 9.9-out-of-10 CVSS severity hole as initially reported by another engineer, but rather a less critical issue due to user interaction being required.
Organizations and users are advised to take steps to determine their exposure before responding to potential breaches. While this vulnerability may be significant for some systems, it is considered to impact less than a single-digit percentage of all deployed internet-facing Linux systems.
Source: https://www.theregister.com/2024/09/26/cups_linux_rce_disclosed/