The recent disclosure of a critical vulnerability in the CUPS Unix system has raised concerns among Linux users worldwide. The vulnerability, which can lead to a computer seizure over a network or the Internet when initiating a print job, has not yet been addressed with updates.
Security researcher Simone Margaritelly detailed the vulnerabilities, which impact most Linux distributions, some BSD versions, Chromeos, and Solaris. The main threat stems from the Cups-BrowSed component, which can be exploited by attackers to compromise systems during print job initiation.
An attacker must have access to the CUPS service on port 631 and wait for a vulnerable system to print a document for successful exploitation. If port 631 is not accessible, attackers can resort to ZeroConf, MDNS, or DNS-SD as alternatives.
The researcher identified four vulnerabilities, including uncontrolled access to UDP port 631, lack of attributes during IPP execution, lack of attribute checking in PPD files, and the possibility of executing commands from data in PPD files.
Although the vulnerabilities pose a significant threat, user interaction is required for their exploitation. Margaritelly believes the CVSS score may not be as high as initially thought but still warrants attention.
While only a small percentage of Linux systems accessible via the Internet are affected, Benjamin Harris from Watchtowr advises organizations to assess their systems for potential security incidents.
To protect against these vulnerabilities, Margaritelly recommends disconnecting or deleting Cups-BrowSed, blocking access to UDP port 631 and DNS-SD, and updating CUPS once patches are released.
Margaritelly faced challenges during the disclosure of these vulnerabilities, highlighting the importance of addressing them promptly.