Background
A new (as yet undisclosed) remote code execution vulnerability has been identified in the CUPS printing system of Linux computers. As of now, all versions/flavors of Linux are affected as long as the CUPS service is running.
Problem Description
Security researchers have identified a remote, unauthenticated code execution vulnerability in the CUPS printing subsystem of ALL flavors of Linux systems.
Impact
It is our understanding that this occurs in the default configuration of Linux, and successful exploitation could lead to remote code execution as root. We have not yet seen or heard of any active exploits in the wild. However, we have seen active scanning ongoing.
Various distributions have announced patches for affected versions:
Ubuntu: https://ubuntu.com/blog/cups-remote-code-execution-vulnerability-fix-available
Debian:
RedHat: https://access.redhat.com/security/vulnerabilities/RHSB-2024-002
Solution
Upgrade your vulnerable CUPS package to a supported stable release as provided by your distribution and restart the cups service as soon as possible.
Workaround
If CUPS cannot be updated, please uninstall/disable the packages.
For most distributions you can disable the affected services with:
sudo systemctl stop cups-browsed
sudo systemctl stop cups
sudo systemctl disable cups-browsed
sudo systemctl disable cups
In some Ubuntu instances, cups may have been installed through snapd, so you may need to run the following instead:
sudo systemctl stop snap.cups.cupsd.service
sudo systemctl stop snap.cups.cups-browsed.service
sudo systemctl disable snap.cups.cupsd.service
sudo systemctl disable snap.cups.cups-browsed.service
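
A check that the workaround above took effect, as an added example that is not part of the original advisory: it queries the four unit names listed above with `systemctl is-active` and `systemctl is-enabled`. The `SYSTEMCTL` override and the `--check` argument are conventions of this example only.

```shell
#!/bin/sh
# Added example: confirm the CUPS units named in the advisory are neither
# running nor set to start at boot after the workaround has been applied.

# Unit names exactly as they appear in the advisory (native and snap installs).
UNITS="cups cups-browsed snap.cups.cupsd.service snap.cups.cups-browsed.service"

# Assumption of this example: SYSTEMCTL can be overridden for testing.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"

# unit_state UNIT: print "<active-state> <enabled-state>" for one unit.
# Both queries exit non-zero for stopped or missing units, so the exit
# status is ignored and only the printed state is used.
unit_state() {
    active=$("$SYSTEMCTL" is-active "$1" 2>/dev/null) || true
    enabled=$("$SYSTEMCTL" is-enabled "$1" 2>/dev/null) || true
    printf '%s %s\n' "${active:-unknown}" "${enabled:-not-found}"
}

# check_workaround: print one line per remaining problem.
# Returns 0 when no listed unit is running or enabled, 1 otherwise.
check_workaround() {
    rc=0
    for u in $UNITS; do
        # Split the two-word state line into $1 (active) and $2 (enabled).
        set -- $(unit_state "$u")
        case "$1" in
            active|activating|reloading) echo "STILL RUNNING: $u"; rc=1 ;;
        esac
        case "$2" in
            enabled|enabled-runtime) echo "STILL ENABLED: $u"; rc=1 ;;
        esac
    done
    return $rc
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_workaround
    exit $?
fi
```

A non-zero exit status means at least one unit still needs to be stopped or disabled; units that are not installed are reported as clean.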