Serious Vulnerabilities in Linux CUPS Printing System Pose Risks of Remote Command Execution


New Security Vulnerabilities Discovered in Linux CUPS Printing System

A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems, allowing for remote command execution under certain conditions. Security researcher Simone Margaritelli highlighted a scenario where a remote unauthenticated attacker could replace existing printers’ IPP URLs with malicious ones, leading to arbitrary command execution when a print job is initiated.

The vulnerabilities affect various components within the CUPS system, including cups-browsed, libcupsfilters, libppd, and cups-filters. These flaws could be chained together to create an exploit that enables an attacker to create a fake printing device on a network-exposed Linux system running CUPS and trigger remote code execution by sending a print job.

RHEL issued an advisory stating that all versions of the operating system are impacted by the vulnerabilities but clarified that they are not exploitable in the default configuration. Cybersecurity firm Rapid7 pointed out that affected systems can be exploited if UDP port 631 is accessible and the vulnerable service is listening.

Palo Alto Networks confirmed that its products and cloud services are not impacted by these CUPS-related vulnerabilities. Patches are currently being developed and are expected to be released soon. In the meantime, users are advised to disable or remove the cups-browsed service if unnecessary and to block or restrict traffic to UDP port 631.
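
A quick way to check the two conditions Rapid7 names (UDP port 631 reachable, vulnerable service listening) before applying the mitigations above. This is an added example, not taken from the advisories or researchers quoted; the function names and sample socket lines are constructed for illustration, and it assumes a Linux host with iproute2's `ss` and, for the service check, systemd.

```shell
#!/bin/sh
# Added example: classify UDP/631 listeners from `ss -H -uln` output.
# Function names and sample lines are constructed for illustration.

# Reads socket lines on stdin and prints one of:
#   exposed        a UDP/631 socket is bound to a non-loopback address
#   loopback-only  UDP/631 is bound, but only on 127.0.0.0/8 or ::1
#   closed         nothing is bound to UDP/631
classify_udp631() {
    awk '
    {
        # The local address is the first field containing ":"; this holds
        # with or without the leading Netid column.
        addr = ""
        for (i = 1; i <= NF; i++) if (index($i, ":")) { addr = $i; break }
        if (addr !~ /:631$/) next
        host = addr
        sub(/:631$/, "", host)
        if (host ~ /^127\./ || host == "[::1]") loopback = 1
        else exposed = 1
    }
    END {
        if (exposed) print "exposed"
        else if (loopback) print "loopback-only"
        else print "closed"
    }'
}

# Live check for a real host (not run automatically).
check_host() {
    if command -v systemctl >/dev/null 2>&1; then
        printf 'cups-browsed: %s\n' "$(systemctl is-active cups-browsed 2>/dev/null)"
    fi
    printf 'udp/631: %s\n' "$(ss -H -uln | classify_udp631)"
}

# Constructed sample input, so the script runs offline.
SAMPLE_EXPOSED='UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*'
SAMPLE_LOOPBACK='UNCONN 0 0 127.0.0.1:631 0.0.0.0:*
UNCONN 0 0 [::1]:631 [::]:*'

printf 'sample 1: %s\n' "$(printf '%s\n' "$SAMPLE_EXPOSED" | classify_udp631)"
printf 'sample 2: %s\n' "$(printf '%s\n' "$SAMPLE_LOOPBACK" | classify_udp631)"
```

On a host, call `check_host`; an `exposed` result together with an active cups-browsed service means the interim mitigations described above apply.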

While these vulnerabilities are serious, experts like Satnam Narang from Tenable emphasize that they do not reach the level of highly impactful vulnerabilities like Log4Shell or Heartbleed. Nevertheless, security research remains crucial in uncovering and addressing vulnerabilities to enhance overall cybersecurity.
