There’s has been a spotlight on one of the vulnerability reported critical unauthenticated remote code execution flaws affecting Linux systems.
Security researcher Simone Margaritelli discovered this vulnerability and has shared a write-up around this potentially very impactful Linux vulnerability. The vulnerabilities tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177 have been assigned around these CUPS issues and has a CVSS score of 9.9.
This vulnerability doesn’t affect the Linux kernel but rather CUPS, the print server commonly used on Linux systems and other platforms.
This remote code execution issue can be exploited across the public Internet via a UDP packet to port 631 without needing any authentication, assuming the CUPS port is open through your router/firewall. LAN attacks are also possible via spoofing zeroconf / mDNS / DNS-SD advertisements.
Besides CUPS being used on Linux distributions, it also affects some BSDs, Oracle Solaris, Google Chrome OS, and others. There is no Linux fix available for this vulnerability; however, it’s recommended to disable and remove the “cups-browsed” service, updating CUPS, or at least blocking all traffic to UDP port 631.
Red Hat has also published a blog post with their response to these CUPS vulnerabilities. Mitigating RHEL servers is done by disabling cups-browsed. For more details, refer to the this blog post by researcher Simone Margaritelli.
