A critical flaw: what do we know?<\/h2>\n\n\n\n
The security researcher Simone Margaritelli<\/strong>discovered this set of faults in early September.<\/p>\n\n\n\n This concerns CUPS, the Linux printing service. The researcher highlights a possible Remote Code Execution (RCE). without authentication<\/strong>. This means that attackers could potentially execute commands on remote machines without having to identify themselves, making the flaw particularly dangerous. The CVSS score assigned to these vulnerabilities is between 8.3 and 9.0\/10<\/strong> (after being rated at 9.9).<\/p>\n\n\n\n On September 26, Na\u00efm Aouaichia, cybersecurity engineer, alerted us and told us before anyone else that this could affect CUPS :<\/p>\n\n\n\n \"Some rumors suggest that this flaw is linked to vulnerabilities in CUPS, the printing service. Yes, your printers may be at the heart of it all. To be confirmed.<\/p>\n\n\n\n According to some hypotheses, the problem could be linked to a buffer overflow or a race condition.\"<\/p>\nExtract from the LinkedIn post of Na\u00efm Aouaichia, cybersecurity engineer<\/a><\/cite><\/blockquote>\n\n\n\n Update 29\/09\/2024<\/strong><\/p>\n\n\n\n Like Na\u00efm winds it up on September 28<\/a>This flaw concerns CUPS, with 4 CVEs revealed:<\/p>\n\n\n\n This does not apply to dedicated servers under firewall and\/or with a print service not running. This vulnerability has a long history, having been present in GNU\/Linux systems for many years. over a decade<\/strong>. It affects all<\/strong> Linux distributions, including Debian, Ubuntu, RedHat and others.<\/p>\n\n\n\n Despite the importance of this flaw, there are currently no no correction<\/strong> available. Developers are still debating which aspects of the flaw really affect security, which is delaying the release of a patch.<\/p>\n\n\n\n Researcher Margaritelli, who made the discovery, worked tirelessly for three weeks to alert the open source community and help coordinate patching efforts. However, it met with a great deal of resistance from developers<\/a>Some are reluctant to accept the existence of this flaw in their code. This underlines the challenges facing vulnerability management in the open source world.<\/p>\n\n\n\n Some accuse him of trying to boost his popularity. But let's face it: the researcher has indeed discovered a major flaw that everyone has been ignoring for over 10 years.<\/p>\n\n\n\n Canonical (Ubuntu)<\/strong> and RedHat<\/strong> have confirmed the seriousness of the situation and are actively working on a solution. Full disclosure of the technical details of the flaw is planned. October 6<\/strong>This increases the pressure for a rapid patch release.<\/p>\n\n\n\n The roadmap is as follows:<\/p>\n\n\n\n Margaritelli indicated from the outset that it would probably be necessary to at least three to six CVE identifiers<\/strong> (Common Vulnerabilities and Exposures) to cover all aspects of the problem. This means that there are several potential attack vectors, each requiring specific analysis and resolution.<\/p>\n\n\n\n As we now know, you must absolutely avoid exposing your IPP services to the Internet (port 631 should be blocked on firewalls).<\/strong><\/p>\n\n\n\n Although this flaw is critical, it is not so easily exploited<\/strong>. It requires a high level of technical expertise, which means that, for the time being, only highly skilled attackers could make use of it. The details of the flaw are not yet public, limiting its impact. But this should not make you complacent. You need to remain vigilant, because once full disclosure has been made, exploitation attempts will multiply.<\/p>\n\n\n\n Pending an official patch, here are some best practices to limit the risks:<\/p>\n\n\n\n This RCE flaw is undoubtedly one of the most serious to be discovered in the GNU\/Linux ecosystem in a long time. However, it's important not to panic. No system is free of flaws, and Linux remains the most reliable and secure operating system. It's worth remembering that most servers don't have a CUPS service running, but if they do, then take extra care. By adopting the recommended security measures and keeping an eye on official announcements, you can minimize the risks. The open source world is generally quick to react and will certainly be able to overcome this ordeal effectively, despite the internal divergences inherent in collaborative work.<\/p>\n\n\n\n Keep an eye on upcoming patches and make sure your systems are ready for them. IT security is an ongoing challenge, but staying proactive will ensure that your WordPress servers and clients stay protected.<\/p>\n\n\n\n LRob is keeping a very close eye on this, and if the servers aren't affected, I guarantee that we'll fix this global flaw as soon as the patch is available.<\/p>\n\n\n\n Finally, for those who will argue that \"Linux isn't secure\", here's a little comparison Linux<\/a> VS Microsoft<\/a>.<\/p>\n\n\n\n\n
\n
For local administrators using CUPS, stay tuned.<\/p>\n<\/div>\n\n\n\nA long-standing problem<\/h3>\n\n\n\n
Disclosure process<\/h2>\n\n\n\n
\n
Why is it complicated to correct the flaw?<\/h2>\n\n\n\n
What are the risks for you?<\/h2>\n\n\n\n
What to do in the meantime?<\/h2>\n\n\n\n
\n
Conclusion: remain vigilant but serene<\/h2>\n\n\n\n
![\"\"](\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2024\/09\/cvvs-report-windows-vs-linux.png\")