Fortra is actively researching several vulnerabilities in UNIX systems. These vulnerabilities can allow a remote unauthenticated attacker to achieve remote code execution via a UDP packet to port 631 if the CUPS port is open. LAN attacks are also possible via spoofing zeroconf / mDNS / DNS-SD advertisements. Customers are recommended to update the CUPS package to mitigate this vulnerability.
The following vulnerabilities are included in this advisory:
- CVE-2024-47177
- CVE-2024-47176
- CVE-2024-47175
- CVE-2024-47076
Who is affected?
UNIX systems with CUPS installed and enabled are affected. The affected CUPS packages, including cups-browsed, are available for most systems, but may or may not be enabled by default. Check your distribution’s security advisories to determine if you are affected.
- Redhat advisory
- Debian advisories
- Ubuntu advisories
- Amazon Linux advisories
- Suse advisories
What can I do?
The following mitigation steps are recommended:
- Disable and remove the cups-browsed service if not needed.
- Update the CUPS package.
- If the system cannot be updated, block all traffic to UDP port 631 and possibly all DNS-SD traffic.
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities in addition to those listed below.
Alert Logic Network IDS: Alert Logic released IDS telemetry signatures to aid in detection research.
Alert Logic Vulnerability Scanning: Alert Logic released agent-based scan detection for Ubuntu and RHEL on September 30, 2024. Additionally, Alert Logic released authenticated scan coverage for Alma, Ubuntu, and RHEL on October 1, and for Amazon Linux 2023 on October 8.
Updates
Fortra has kicked off the Emerging Threats process for this vulnerability. This article will be updated with new information about this vulnerability and related security coverage as it becomes available.
09/30/2024: Alert Logic released agent-based scan detection for Ubuntu and RHEL.
10/01/2024: Alert Logic released authenticated scan coverage for Alma, Ubuntu, and RHEL.
10/08/2024: Alert Logic released authenticated scan coverage for Amazon Linux 2023.
Comments
0 comments
Please sign in to leave a comment.