The JFrog Security Research team has flagged a critical security vulnerability, discovered by Simone Margaritelli, that affects almost all GNU/Linux distributions. Rated CVSS 9.9, it has the potential to impact millions of Linux users worldwide and affects major distributions such as Debian, Red Hat, and SUSE.
While JFrog does not consider this a Log4j event, because of the specific conditions needed for exploitation, the issue's seriousness cannot be overlooked. With nearly a thousand different Linux distributions in use across desktops, servers, laptops, and even mobile devices, the potential reach of this vulnerability is significant.
The disclosed vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177) are in CUPS (Common UNIX Printing System), which is commonly used for managing print jobs. When chained together, they allow an attacker to gain remote access to a system once a malicious print job is triggered via a ghost printer that advertises a harmful IPP URL. However, the chain only completes when a print job is actually initiated on the targeted machine, which makes it harder to exploit in some environments.
“While no fixed versions have been published to either the upstream projects or to any Linux distributions, those impacted can mitigate these vulnerabilities without upgrading by disabling and removing the cups-browsed service, blocking all traffic to UDP port 63 and all DNS-SD traffic,” said Shachar Menashe, Senior Director at JFrog Security Research.
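As an added example (not code from JFrog or from the original article), here is a read-only Python audit that checks the two things the mitigation above targets: whether the cups-browsed systemd unit is enabled, and whether any UDP socket is bound to 631, the IPP port cups-browsed listens on for printer announcements. The /proc/net/udp rows used for the self-check are constructed, and systemctl is assumed to be present for the live unit check.

```python
"""Read-only audit for cups-browsed exposure on a Linux host."""
import subprocess
from pathlib import Path
from typing import Optional, Set

IPP_PORT = 631  # registered IPP port; cups-browsed's UDP listener binds here

# Constructed sample in /proc/net/udp format: one socket on 0.0.0.0:631 (0x0277),
# one on 127.0.0.1:53 (0x0035). Used only for the self-check below.
SAMPLE_UDP_TABLE = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
 1234: 00000000:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12345 2 0000000000000000 0
 1235: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12346 2 0000000000000000 0
"""


def parse_udp_table(text: str) -> Set[int]:
    """Return local ports from /proc/net/udp or /proc/net/udp6 text.

    The header row is skipped; each data row's second column is HEXADDR:HEXPORT.
    """
    ports = set()
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            continue
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def bound_udp_ports() -> Set[int]:
    """Union of bound UDP ports (IPv4 and IPv6) on the running host."""
    ports = set()
    for table in ("/proc/net/udp", "/proc/net/udp6"):
        path = Path(table)
        if path.exists():
            ports |= parse_udp_table(path.read_text())
    return ports


def unit_state(unit: str = "cups-browsed") -> Optional[str]:
    """Output of `systemctl is-enabled <unit>`, or None if systemctl is unavailable."""
    try:
        proc = subprocess.run(["systemctl", "is-enabled", unit],
                              capture_output=True, text=True, timeout=5)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return proc.stdout.strip() or None


def assess(ports: Set[int], state: Optional[str], port: int = IPP_PORT) -> dict:
    """Combine the socket and unit signals into a verdict."""
    port_bound = port in ports
    enabled = state in ("enabled", "enabled-runtime")
    return {"udp_port_bound": port_bound, "unit_enabled": enabled,
            "exposed": port_bound or enabled}


if __name__ == "__main__":
    print(assess(bound_udp_ports(), unit_state()))
```

Run it as root or a user that can read /proc/net/udp; an `exposed` value of True means the service is still enabled or still bound to the port and the mitigation has not been applied.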