Dive Brief:
- Security researchers are warning about critical vulnerabilities in the Common Unix Printing System (CUPS) used on Linux, which could allow a hacker to execute commands remotely when the flaws are chained together and a print job is separately launched by the user.
- The vulnerabilities, listed as CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177, can allow an attacker to replace a printer's IPP URLs with malicious ones, giving them the ability to run commands on a system.
- The vulnerabilities were initially assigned a score of 9.9, with the expectation of coordinated disclosure and later public notification by Oct. 6. However, the original research leaked on Thursday, and security researchers have since dialed back some of their initial fears, which compared the potential impact to Log4j and Heartbleed.
Dive Insight:
Security researcher Simone Margaritelli, who operates under the name @evilsocket, discovered the bugs in early September. The researcher documented and disclosed the issues, but grew increasingly concerned the CVEs were not being properly addressed.
Red Hat warned the vulnerabilities could allow an attacker to potentially steal sensitive data or damage critical systems.
In a blog post released Thursday, Red Hat said all versions of Red Hat Enterprise Linux are affected, but cautioned they are not vulnerable in their default configurations.
Canonical released updates for the cups-browsed, cups-filters, libcupsfilters and libppd packages for all Ubuntu LTS releases under standard support, it said in a blog post Thursday.
The security updates address issues with the first three vulnerabilities, while the specific issues related to CVE-2024-47177 are addressed by the patches released for the other three CVEs, according to Canonical.
Sonatype co-founder and CTO Brian Fox's initial fears about the vulnerabilities were somewhat abated, but he warned the longer-term risk could still have serious implications.
“This situation is concerning because future attacks following a similar pattern might not require a print job to trigger and could exploit similar vulnerabilities,” Fox said in a statement.