Benjamin Harris, CEO of cybersecurity firm watchTowr, said CUPS itself is the software that handles printing on a Linux machine, and thus, by virtue of Linux not being a 'desktop' operating system in many environments in the same way that you'd see Windows, the impact and scope of the bugs is reduced. Larry Cashdollar, principal security researcher at Akamai, said he was going through Margaritelli’s technical write-up about the four CUPS vulnerabilities when he discovered another attack vector was not discussed: DDoS. “For each packet sent by a bad actor, the vulnerable CUPS server will generate a larger and partially attacker-controlled IPP/HTTP request directed at the specified target,” Akamai said. To begin the attack, Akamai claimed a threat actor would only have to send one packet to a vulnerable and exposed CUPS service with internet connectivity. Risky Biz reported this week that threat actors are scanning the internet for UNIX systems that are exposing their printing ports in an effort to abuse the CUPS bugs. Researchers at technology firm Akamai said on Tuesday that distributed denial-of-service (DDoS) attacks could be launched using four vulnerabilities affecting Common UNIX Printing System, also known as CUPS. CUPS allows printing on many Linux-based systems and the four bugs help attackers to potentially change that service and trick users into running malicious code. For each packet sent, the vulnerable CUPS server will generate a larger and partially attacker-controlled IPP/HTTP request directed at the specified target. “That being said, if you are using a desktop edition of Linux (say Ubuntu Desktop and for example, developers) – there is a good chance you have CUPS installed, but whether it is turned on in a vulnerable state is harder to predict,” Harris explained. The researchers noted that many of the identified machines are running older versions of CUPS dating back to 2007, giving threat actors prime real estate to exploit the bugs. CUPS comes with all Linux operating systems, most BSD systems and some Apple and Android-based computers, according to OpenSSF Technical Advisory Council chair Christopher Robinson. The initial concerns about the CUPS vulnerabilities were tempered when experts noted that remediation was fairly simple and exploitation is only available in a limited number of scenarios. “It would take an attacker mere seconds to co-opt every vulnerable CUPS service currently exposed on the internet,” he wrote. A set of bugs that has caused alarm among cybersecurity experts may enable threat actors to launch powerful attacks designed to knock systems offline. Akamai’s Security Intelligence and Response Team (SIRT) said they found that more than 198,000 devices are vulnerable to this attack vector and are accessible on the public internet. The vulnerabilities, which allow attackers to run malicious code on a remote device, were discovered by Italian security researcher Simone Margaritelli and disclosed last week. “DDoS continues to be a viable attack vector used to harass and disrupt victims across the internet, from major industries and governments to small content creators, online shops, and gamers,” he said.
This Cyber News was published on therecord.media. Publication date: Wed, 02 Oct 2024 21:10:27 +0000