Recent security flaws in the Common Unix Printing System (CUPS) for Linux systems have been identified, potentially allowing attackers to execute malicious code remotely under specific conditions. Discovered by security researcher Simone Margaritelli, these vulnerabilities affect multiple components of the CUPS system, including libcupsfilters, libppd, and cups-filters.
While these vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177) could allow attackers to install fake printers and execute arbitrary commands via print jobs, they do not affect Linux systems in their default configuration. For an attack to succeed, the vulnerable cups-browsed daemon, which is typically disabled by default, must be enabled.
The flaws allow attackers to exploit weaknesses in network data validation, leading to remote code execution when a print job is sent to a compromised printer. However, the attack surface remains limited, as it requires local network access and user interaction with a spoofed printer.
Admins are advised to disable the cups-browsed service and block UDP port 631 until patches are released. Although the technical impact is significant, experts suggest the real-world threat is relatively low due to the mitigations in place.
- Disable the cups-browsed service:
  sudo systemctl stop cups-browsed
  sudo systemctl disable cups-browsed
- Use firewall rules to block the port:
  sudo iptables -A INPUT -p udp --dport 631 -j DROP
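
To confirm the two mitigation steps above took effect, the following added example (not from the original article or the CUPS project) checks the cups-browsed service state and looks for a UDP socket still bound to port 631 on a non-loopback address. The function names are hypothetical, and it assumes a systemd host with the iproute2 `ss` tool; the sample `ss` lines are constructed.

```sh
#!/bin/sh
# Added example (not from the original page): confirm the mitigations hold.

# Constructed sample of `ss -H -uln` output, for trying the parser offline.
sample_ss_output() {
    printf '%s\n' \
        'UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*' \
        'UNCONN 0 0 0.0.0.0:631 0.0.0.0:*' \
        'UNCONN 0 0 [::1]:323 [::]:*'
}

# Reads `ss -H -uln` output on stdin. Succeeds (exit 0) if a UDP socket is
# bound to port 631 on any address other than loopback.
udp631_listening() {
    awk '
        {
            # The local address is the first field ending in ":<port>";
            # scanning for it tolerates an optional leading Netid column.
            for (i = 1; i <= NF; i++) if ($i ~ /:[0-9]+$/) { addr = $i; break }
            if (i > NF || addr !~ /:631$/) next
            host = addr
            sub(/:631$/, "", host)   # drop the port
            sub(/%.*$/, "", host)    # drop an interface suffix such as %lo
            if (host !~ /^127\./ && host != "[::1]") exposed = 1
        }
        END { exit (exposed ? 0 : 1) }
    '
}

# Live check: service state plus the listening socket.
check_cups_mitigation() {
    rc=0
    if systemctl is-active --quiet cups-browsed 2>/dev/null; then
        echo "FAIL: cups-browsed is running"; rc=1
    fi
    if systemctl is-enabled --quiet cups-browsed 2>/dev/null; then
        echo "FAIL: cups-browsed starts at boot"; rc=1
    fi
    if ss -H -uln 2>/dev/null | udp631_listening; then
        echo "FAIL: UDP 631 is bound on a non-loopback address"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: cups-browsed is off, UDP 631 not listening"
    return "$rc"
}

# Run against this host only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then check_cups_mitigation; fi
```

The firewall rule itself is not inspected here; a socket that is still bound is reported even when inbound packets to it are being dropped.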