Canonical has released security updates for the cups-browsed, cups-filters, libcupsfilters and libppd packages for all Ubuntu LTS releases to address the CVE IDs assigned to the exploit chain surrounding CUPS.
The vulnerability is exploited by tricking CUPS into generating an attacker-controlled PPD file for a printer containing an arbitrary command which is executed whenever the next print job is sent.
The first way to generate the manipulated PPD file is through the local network, using mDNS to register a new printer or replace the PPD file. The second way is to register a new printer with a malicious PPD file over any network, including the Internet, using a UDP-based protocol.
If these affected packages are installed, the recommended course of action is to update them promptly. Servers without appropriate firewall rules and laptop computers that may connect to untrusted networks are particularly at risk.
Upgrades should be followed by a restart of the CUPS daemon through a systemctl command. Canonical will release security updates for ESM releases shortly.
Desktop computers can have the cups-browsed component removed or network protocols disabled, while for print servers, disabling network printer detection can stop the injection of the malicious PPD file.
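One way to check the mitigation described above on a host, as an added example that is not Canonical's code: it reads a cups-browsed.conf and reports whether remote printer discovery is still enabled. `BrowseRemoteProtocols` is the cups-browsed directive for this; the sample configuration is constructed, and the last-directive-wins and token-combination behaviour are assumptions.

```shell
#!/bin/sh
# Added example: audit cups-browsed.conf for enabled remote discovery protocols.

# Print the BrowseRemoteProtocols value from the file in $1 (or stdin).
# Assumption: a later directive overrides an earlier one. Prints "unset"
# when no uncommented directive exists, so the daemon default applies.
effective_protocols() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "browseremoteprotocols" {
            found = 1; val = ""
            for (i = 2; i <= NF; i++)
                val = val (val == "" ? "" : " ") tolower($i)
        }
        END { print (found ? val : "unset") }
    ' "$@"
}

# Map a protocol list to findings for the two paths the advisory describes.
# Assumption: "none" only disables discovery when no protocol is listed too.
classify() {
    hit=0
    case " $1 " in *" cups "*)
        echo "EXPOSED: legacy CUPS browsing (UDP port 631) enabled"; hit=1 ;;
    esac
    case " $1 " in *" dnssd "*)
        echo "EXPOSED: mDNS/DNS-SD discovery enabled"; hit=1 ;;
    esac
    [ "$hit" -eq 1 ] && return 0
    case " $1 " in
        *" none "*) echo "OK: remote printer discovery disabled" ;;
        *)          echo "REVIEW: '$1', daemon default may apply" ;;
    esac
}

# Constructed sample configuration (not taken from a real host).
sample_conf() {
cat <<'EOF'
# cups-browsed.conf (constructed sample)
# BrowseRemoteProtocols none
BrowseRemoteProtocols dnssd cups
BrowseLocalProtocols none
EOF
}

# Demo on the sample; on a real host pass /etc/cups/cups-browsed.conf instead.
classify "$(sample_conf | effective_protocols)"
```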
The coordinated disclosure date of these issues had to be moved up before public disclosure as vulnerabilities are commonly discussed between a reporter, affected projects and Linux distributions, and must be kept under embargo so that all software vendors can release security updates simultaneously.
Canonical recommends that embargoed issues be worked on discreetly; if disagreements come up during disclosure, third-party coordinators, such as CERT/CC’s VINCE, can step in to mediate the discussion.
The attack vector of the vulnerability is reduced, but still considerable, when the attacker can generate the multicast datagrams on the local network and have them reach the cups-browsed daemon on port 631.
If security updates cannot be applied manually, note that the unattended-upgrades feature is enabled by default from Ubuntu 16.04 LTS onwards. This service applies new security updates every 24 hours automatically.