Simone Margaritelli, the creator of the network analyzer Bettercap and the application firewall OpenSnitch, has recently disclosed critical vulnerabilities in the CUPS print server. The vulnerabilities affect GNU/Linux distributions, Solaris, FreeBSD, and other BSD systems. Publication was originally scheduled for October 6 but was brought forward because the information leaked, leaving many distributions unprepared to ship the necessary package updates. The vulnerabilities allow unauthorized remote code execution on affected systems.
The researcher has demonstrated a working exploit that chains multiple vulnerabilities to execute code remotely with the privileges of the CUPS printing process. The exploit can replace a user's printer or add a new printer that points to a malicious IPP server, ultimately executing attacker-controlled code. The attack targets CUPS print servers and the cups-browsed process, which accepts network connections on port 631 (UDP), and it can also affect local networks that use the ZeroConf, mDNS, or DNS-SD protocols.
The vulnerabilities affect all CUPS printing systems that use vulnerable versions of the cups-filters, libcupsfilters, libppd, and cups-browsed packages. Patches are currently available for the vulnerabilities in these packages, with corrected versions like cups-filters 2.0.1.