the new "9.9" Severity Linux Vunlerability

Eric Parker

27 Sept 202411:56

Summary

TLDRIn this video, Eric discusses a severe 9.9 CVSs vulnerability in the Common Unix Printing System (CUPS), affecting Linux and Unix systems. The flaw allows remote attackers to execute arbitrary code by adding a malicious printer. Despite being less severe than Eternal Blue, it's still concerning due to its broad impact and the challenges faced in disclosing it. Eric also touches on the developer's initial response, the potential risks of default configurations, and the importance of patches and firewalls.

Takeaways

🐧 The CVSS 9.9 vulnerability affects all Unix/Linux systems, including macOS, due to its use of the Common Unix Printing System (CUPS).
🔍 CUPS, developed by Apple, is intended to simplify printing on Unix-based systems but has been found to have security flaws.
💡 The vulnerability allows remote unauthenticated attackers to replace existing printers or install new malicious ones, leading to arbitrary command execution.
🚧 The issue is considered less severe than Eternal Blue but still poses a significant security risk.
🔒 The vulnerability can be exploited via the internet if the affected port is exposed or through local network spoofing.
🛡️ Proper firewall configuration can mitigate the risk, but many systems may still be exposed due to misconfigurations.
🔎 Security researchers have discovered that hundreds of thousands of devices have the vulnerable service enabled on the public internet.
🛠️ The vulnerability exists in CUPS versions from 2.6 to the latest, indicating a long-standing issue.
📢 The developer's initial response to the vulnerability was slow and dismissive, causing frustration among security researchers.
🌐 The vulnerability was eventually disclosed, but not before it was leaked on breach forums, highlighting issues with the disclosure process.

Q & A

What is the CVSS 9.9 vulnerability discussed in the script?
-The script discusses a vulnerability in the Common Unix Printing System (CUPS) that affects all Unix/Linux systems, allowing remote code execution without authentication.
What does CUPS stand for and what is its purpose?
-CUPS stands for Common Unix Printing System, developed by Apple to make printing on Unix-based systems easier.
How does the vulnerability allow an attacker to execute commands?
-The vulnerability allows an attacker to inject a command line parameter into a printer addition process, which can then be triggered when a print job is started.
Is this vulnerability as severe as Eternal Blue?
-While severe, the CUPS vulnerability is considered less bad than Eternal Blue because it does not allow for system takeover with zero authentication or interaction.
How can this vulnerability be exploited on the public internet?
-An attacker can exploit this vulnerability by sending a UDP packet to trigger a get printer attributes request, or by spoofing a zeroconf mDNS advertisement.
What is the potential impact of this vulnerability on systems with the CUPS browsed enabled?
-Systems with CUPS browsed enabled can have their printers replaced or new malicious printers installed, leading to arbitrary command execution.
How can users protect themselves from this vulnerability?
-Users can protect themselves by updating CUPS, disabling the CUPS browsed feature if not needed, or blocking the necessary ports with a firewall.
What was the initial developer response to the discovery of this vulnerability?
-The initial developer response was slow and dismissive, with the vulnerability being initially downplayed and not taken seriously.
How was the vulnerability discovered and reported?
-The vulnerability was discovered through port scanning and analysis of CUPS. The researcher submitted a report to a vulnerability database, which unfortunately got leaked before disclosure.
What are the potential long-term implications of this vulnerability?
-The vulnerability could lead to a long tail of issues as it affects a broad range of systems and may not be quickly patched, especially on older or less maintained systems.
What is the significance of the vulnerability having a CVSS score of 9.9?
-A CVSS score of 9.9 indicates a critical vulnerability with a high severity level, suggesting that it can be easily exploited and has a significant impact.