• About Us
  • Privacy & Policy
  • Terms Conditions
  • Contact Us
biztoplocation.space
  • Home
  • Tech Trends

    The best deals ahead of the October Big Deal Days sale and everything we know so far

    Google Maps will flag businesses with potentially fake reviews

    DoNotPay ‘robot lawyer’ fined $193K by the FTC for not being a lawyer

    Meta’s Orion holographic avatars will (eventually) be in VR too

    Google files EU antitrust complaint against Microsoft

    California’s ‘click to cancel’ subscription bill is signed into law

    Horizon Zero Dawn Remastered arrives October 31 on PS5 and PC

    Ghost of Yōtei is a Tsushima sequel coming to PS5 in 2025

    The Google Photos video editor is getting AI, because of course it is

  • AI News
    The Quantum Arms Race Isn’t Just About Tech, It’s About Who Controls the Narrative

    “πŸŒ€ The Quantum Arms Race: Who Holds the Key to Our Tech Future? πŸŒπŸ”‘”

    New Survey Finds Balancing AI’s Ease of Use with Trust is Top of Business Leaders Minds

    Navigating the AI Frontier: Balancing Trust and Usability for Business Success 🀝✨

    Benjamin Harvey, Ph.D., Founder & CEO of AI Squared – Interview Series

    Unlocking the Future of AI: Dr. Benjamin Harvey’s Vision with AI Squared πŸš€βœ¨

    How to Realize Value from a GenAI-Enabled Workforce

    Maximize Your Business Potential: The Game-Changing Power of GenAI πŸš€βœ¨

    How Does AI Use Impact Critical Thinking?

    Navigating the AI Revolution: Boosting Critical Thinking in a Tech-Driven World πŸ€–βœ¨

    From Evo 1 to Evo 2: How NVIDIA is Redefining Genomic Research and AI-Driven Biological Innovations

    Unlocking the Secrets of Life: How NVIDIA is Revolutionizing Genomic Research with AI πŸš€πŸŒŸ

    Jotform Review: The Best Form Builder or Just Overhyped?

    Unlocking the Truth: Is Jotform the Next Best Thing in Form Building? πŸ€”πŸš€βœ¨

    The Road to Better AI-Based Video Editing

    Unlock Your Creative Potential: Explore the Future of AI in Video Editing! πŸŽ₯βœ¨πŸš€

    Post-RAG Evolution: AI’s Journey from Information Retrieval to Real-Time Reasoning

    Unlocking AI’s Future: From Data Fetching to Real-Time Thinking πŸ€–βœ¨

  • Cyber Security
    Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects

    Unmasking the $540 Million Crypto Scam: How Europol Took Down a Fraud Empire πŸš¨πŸ’°

    Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks

    🚨 Protect Your Code: What You Need to Know About the Open VSX Registry Flaw πŸ”’βœ¨

    nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery

    Navigating the nOAuth Nightmare: Is Your Microsoft Entra App Safe? πŸš¨πŸ”’

    Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games

    πŸ“‰ Hackers Strike: Unraveling the Shocking 2024 Saudi Games Data Breach πŸŒπŸ”“

    Beware the Hidden Risk in Your Entra Environment

    Shielding Your Entra: Unmasking Hidden Threats & Securing Your Digital Kingdom! πŸ›‘οΈπŸŒβœ¨

    Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers

    🚨 Don’t Let Hackers Steal Your Secrets: Guard Your Microsoft Exchange Servers Now! πŸ›‘οΈπŸ”‘

    China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom

    Caught in the Crossfire: How Salt Typhoon is Targeting Canadian Telecoms through Cisco Vulnerabilities πŸŒ©οΈπŸ“žπŸ”’

    Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks

    Secure Your AI Future: How Google is Tackling Prompt Injection Attacks πŸš€πŸ”’

    200+ Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers

    🚨 Warning for Gamers & Developers: Don’t Fall for Trojanized Repositories! πŸ›‘οΈπŸ’»

  • Apps News
    The Quantum Arms Race Isn’t Just About Tech, It’s About Who Controls the Narrative

    “πŸŒ€ The Quantum Arms Race: Who Holds the Key to Our Tech Future? πŸŒπŸ”‘”

    New Survey Finds Balancing AI’s Ease of Use with Trust is Top of Business Leaders Minds

    Navigating the AI Frontier: Balancing Trust and Usability for Business Success 🀝✨

    Benjamin Harvey, Ph.D., Founder & CEO of AI Squared – Interview Series

    Unlocking the Future of AI: Dr. Benjamin Harvey’s Vision with AI Squared πŸš€βœ¨

    How to Realize Value from a GenAI-Enabled Workforce

    Maximize Your Business Potential: The Game-Changing Power of GenAI πŸš€βœ¨

    How Does AI Use Impact Critical Thinking?

    Navigating the AI Revolution: Boosting Critical Thinking in a Tech-Driven World πŸ€–βœ¨

    From Evo 1 to Evo 2: How NVIDIA is Redefining Genomic Research and AI-Driven Biological Innovations

    Unlocking the Secrets of Life: How NVIDIA is Revolutionizing Genomic Research with AI πŸš€πŸŒŸ

    Jotform Review: The Best Form Builder or Just Overhyped?

    Unlocking the Truth: Is Jotform the Next Best Thing in Form Building? πŸ€”πŸš€βœ¨

    The Road to Better AI-Based Video Editing

    Unlock Your Creative Potential: Explore the Future of AI in Video Editing! πŸŽ₯βœ¨πŸš€

    Post-RAG Evolution: AI’s Journey from Information Retrieval to Real-Time Reasoning

    Unlocking AI’s Future: From Data Fetching to Real-Time Thinking πŸ€–βœ¨

  • Events

    Does Cannabis Belong at Business Events?

    Rising Event Costs to Challenge 2025 Budgets

    Event Tech and the Future of In-Person Networking

    Dubai To Invest $2.7 Billion in What Will Become the Largest Exhibition Venue in the Middle East

    The Old Playbook Will Not Work for Today’s Corporate Events

    Why Actual Face Time Beats Screen Time for Gen Z

    Breathe New Life Into Meetings in Whistler

    Oak View Group and OCESA Team Up to Offer Hospitality at Four Mexico City Venues

    Time to Chill: Planners’ Post-Meeting Rituals

No Result
View All Result
  • Home
  • Tech Trends

    The best deals ahead of the October Big Deal Days sale and everything we know so far

    Google Maps will flag businesses with potentially fake reviews

    DoNotPay ‘robot lawyer’ fined $193K by the FTC for not being a lawyer

    Meta’s Orion holographic avatars will (eventually) be in VR too

    Google files EU antitrust complaint against Microsoft

    California’s ‘click to cancel’ subscription bill is signed into law

    Horizon Zero Dawn Remastered arrives October 31 on PS5 and PC

    Ghost of Yōtei is a Tsushima sequel coming to PS5 in 2025

    The Google Photos video editor is getting AI, because of course it is

  • AI News
    The Quantum Arms Race Isn’t Just About Tech, It’s About Who Controls the Narrative

    “πŸŒ€ The Quantum Arms Race: Who Holds the Key to Our Tech Future? πŸŒπŸ”‘”

    New Survey Finds Balancing AI’s Ease of Use with Trust is Top of Business Leaders Minds

    Navigating the AI Frontier: Balancing Trust and Usability for Business Success 🀝✨

    Benjamin Harvey, Ph.D., Founder & CEO of AI Squared – Interview Series

    Unlocking the Future of AI: Dr. Benjamin Harvey’s Vision with AI Squared πŸš€βœ¨

    How to Realize Value from a GenAI-Enabled Workforce

    Maximize Your Business Potential: The Game-Changing Power of GenAI πŸš€βœ¨

    How Does AI Use Impact Critical Thinking?

    Navigating the AI Revolution: Boosting Critical Thinking in a Tech-Driven World πŸ€–βœ¨

    From Evo 1 to Evo 2: How NVIDIA is Redefining Genomic Research and AI-Driven Biological Innovations

    Unlocking the Secrets of Life: How NVIDIA is Revolutionizing Genomic Research with AI πŸš€πŸŒŸ

    Jotform Review: The Best Form Builder or Just Overhyped?

    Unlocking the Truth: Is Jotform the Next Best Thing in Form Building? πŸ€”πŸš€βœ¨

    The Road to Better AI-Based Video Editing

    Unlock Your Creative Potential: Explore the Future of AI in Video Editing! πŸŽ₯βœ¨πŸš€

    Post-RAG Evolution: AI’s Journey from Information Retrieval to Real-Time Reasoning

    Unlocking AI’s Future: From Data Fetching to Real-Time Thinking πŸ€–βœ¨

  • Cyber Security
    Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects

    Unmasking the $540 Million Crypto Scam: How Europol Took Down a Fraud Empire πŸš¨πŸ’°

    Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks

    🚨 Protect Your Code: What You Need to Know About the Open VSX Registry Flaw πŸ”’βœ¨

    nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery

    Navigating the nOAuth Nightmare: Is Your Microsoft Entra App Safe? πŸš¨πŸ”’

    Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games

    πŸ“‰ Hackers Strike: Unraveling the Shocking 2024 Saudi Games Data Breach πŸŒπŸ”“

    Beware the Hidden Risk in Your Entra Environment

    Shielding Your Entra: Unmasking Hidden Threats & Securing Your Digital Kingdom! πŸ›‘οΈπŸŒβœ¨

    Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers

    🚨 Don’t Let Hackers Steal Your Secrets: Guard Your Microsoft Exchange Servers Now! πŸ›‘οΈπŸ”‘

    China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom

    Caught in the Crossfire: How Salt Typhoon is Targeting Canadian Telecoms through Cisco Vulnerabilities πŸŒ©οΈπŸ“žπŸ”’

    Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks

    Secure Your AI Future: How Google is Tackling Prompt Injection Attacks πŸš€πŸ”’

    200+ Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers

    🚨 Warning for Gamers & Developers: Don’t Fall for Trojanized Repositories! πŸ›‘οΈπŸ’»

  • Apps News
    The Quantum Arms Race Isn’t Just About Tech, It’s About Who Controls the Narrative

    “πŸŒ€ The Quantum Arms Race: Who Holds the Key to Our Tech Future? πŸŒπŸ”‘”

    New Survey Finds Balancing AI’s Ease of Use with Trust is Top of Business Leaders Minds

    Navigating the AI Frontier: Balancing Trust and Usability for Business Success 🀝✨

    Benjamin Harvey, Ph.D., Founder & CEO of AI Squared – Interview Series

    Unlocking the Future of AI: Dr. Benjamin Harvey’s Vision with AI Squared πŸš€βœ¨

    How to Realize Value from a GenAI-Enabled Workforce

    Maximize Your Business Potential: The Game-Changing Power of GenAI πŸš€βœ¨

    How Does AI Use Impact Critical Thinking?

    Navigating the AI Revolution: Boosting Critical Thinking in a Tech-Driven World πŸ€–βœ¨

    From Evo 1 to Evo 2: How NVIDIA is Redefining Genomic Research and AI-Driven Biological Innovations

    Unlocking the Secrets of Life: How NVIDIA is Revolutionizing Genomic Research with AI πŸš€πŸŒŸ

    Jotform Review: The Best Form Builder or Just Overhyped?

    Unlocking the Truth: Is Jotform the Next Best Thing in Form Building? πŸ€”πŸš€βœ¨

    The Road to Better AI-Based Video Editing

    Unlock Your Creative Potential: Explore the Future of AI in Video Editing! πŸŽ₯βœ¨πŸš€

    Post-RAG Evolution: AI’s Journey from Information Retrieval to Real-Time Reasoning

    Unlocking AI’s Future: From Data Fetching to Real-Time Thinking πŸ€–βœ¨

  • Events

    Does Cannabis Belong at Business Events?

    Rising Event Costs to Challenge 2025 Budgets

    Event Tech and the Future of In-Person Networking

    Dubai To Invest $2.7 Billion in What Will Become the Largest Exhibition Venue in the Middle East

    The Old Playbook Will Not Work for Today’s Corporate Events

    Why Actual Face Time Beats Screen Time for Gen Z

    Breathe New Life Into Meetings in Whistler

    Oak View Group and OCESA Team Up to Offer Hospitality at Four Mexico City Venues

    Time to Chill: Planners’ Post-Meeting Rituals

No Result
View All Result
biztoplocation.space
No Result
View All Result
Home Security

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

admin by admin
September 27, 2024
in Security
0
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

[ad_1]

ξ ‚Sep 27, 2024ξ „Ravie LakshmananLinux / Vulnerability

Linux CUPS Printing System

A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions.

“A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer),” security researcher Simone Margaritelli said.

CUPS is a standards-based, open-source printing system for Linux and other Unix-like operating systems, including ArchLinux, Debian, Fedora, Red Hat Enterprise Linux (RHEL), ChromeOS, FreeBSD, NetBSD, OpenBSD, openSUSE, and SUSE Linux.

The list of vulnerabilities is as follows –

  • CVE-2024-47176 – cups-browsed <= 2.0.1 binds on UDP INADDR_ANY:631 trusting any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker-controlled URL
  • CVE-2024-47076 – libcupsfilters <= 2.1b1 cfGetPrinterAttributes5 does not validate or sanitize the IPP attributes returned from an IPP server, providing attacker-controlled data to the rest of the CUPS system
  • CVE-2024-47175 – libppd <= 2.1b1 ppdCreatePPDFromIPP2 does not validate or sanitize the IPP attributes when writing them to a temporary PPD file, allowing the injection of attacker-controlled data in the resulting PPD
  • CVE-2024-47177 – cups-filters <= 2.0.1 foomatic-rip allows arbitrary command execution via the FoomaticRIPCommandLine PPD parameter

A net consequence of these shortcomings is that they could be fashioned into an exploit chain that allows an attacker to create a malicious, fake printing device on a network-exposed Linux system running CUPS and trigger remote code execution upon sending a print job.

Cybersecurity

“The issue arises due to improper handling of ‘New Printer Available’ announcements in the ‘cups-browsed’ component, combined with poor validation by ‘cups’ of the information provided by a malicious printing resource,” network security company Ontinue said.

“The vulnerability stems from inadequate validation of network data, allowing attackers to get the vulnerable system to install a malicious printer driver, and then send a print job to that driver triggering execution of the malicious code. The malicious code is executed with the privileges of the lp user – not the superuser ‘root.'”

RHEL, in an advisory, said all versions of the operating system are affected by the four flaws, but noted that they are not vulnerable in their default configuration. It tagged the issues as Important in severity, given that the real-world impact is likely to be low.

“By chaining this group of vulnerabilities together, an attacker could potentially achieve remote code execution which could then lead to theft of sensitive data and/or damage to critical production systems,” it said.

Cybersecurity firm Rapid7 pointed out that affected systems are exploitable, either from the public internet or across network segments, only if UDP port 631 is accessible and the vulnerable service is listening.

Palo Alto Networks has disclosed that none of its products and cloud services contain the aforementioned CUPS-related software packages, and therefore are not impacted by the flaws.

Patches for the vulnerabilities are currently being developed and are expected to be released in the coming days. Until then, it’s advisable to disable and remove the cups-browsed service if it’s not necessary, and block or restrict traffic to UDP port 631.

“It looks like the embargoed Linux unauth RCE vulnerabilities that have been touted as doomsday for Linux systems, may only affect a subset of systems,” Benjamin Harris, CEO of WatchTowr, said in a statement shared with The Hacker News.

Cybersecurity

“Given this, while the vulnerabilities in terms of technical impact are serious, it is significantly less likely that desktop machines/workstations running CUPS are exposed to the Internet in the same manner or numbers that typical server editions of Linux would be.”

Satnam Narang, senior staff research engineer at Tenable, said these vulnerabilities are not at a level of a Log4Shell or Heartbleed.

“The reality is that across a variety of software, be it open or closed source, there are a countless number of vulnerabilities that have yet to be discovered and disclosed,” Narang said. “Security research is vital to this process and we can and should demand better of software vendors.”

“For organizations that are honing in on these latest vulnerabilities, it’s important to highlight that the flaws that are most impactful and concerning are the known vulnerabilities that continue to be exploited by advanced persistent threat groups with ties to nation states, as well as ransomware affiliates that are pilfering corporations for millions of dollars each year.”

Found this article interesting? Follow us on Twitter ο‚™ and LinkedIn to read more exclusive content we post.



[ad_2]

Source link

Previous Post

Potential Palworld-Killer Miraibo GO Has a Release Date

Next Post

The best deals ahead of the October Big Deal Days sale and everything we know so far

admin

admin

Next Post

The best deals ahead of the October Big Deal Days sale and everything we know so far

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Stay Connected test

  • 23.9k Followers
  • 99 Subscribers
  • Trending
  • Comments
  • Latest
CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages

Cybersecurity Under Siege: The Dark Crystal RAT Targets Ukraine’s Defense! πŸš¨πŸ”’

March 20, 2025
Voyantis Secures $41M to Revolutionize AI-Driven Growth Strategies

Unlocking Growth: How Voyantis’ $41M AI Revolution is Changing the Game for Businesses πŸŒŸπŸ’Ό

February 14, 2025

A The Lord of the Rings Game is now due out in March 2025

September 23, 2024
Explore Fully Operational Cockpits and Aircraft with Aerofly FS Global Mobile Flight Simulator

Soar Beyond Limits: Experience the Ultimate Flight Adventure with Aerofly FS Global! ✈️🌍✨

November 22, 2024

Nth Degree Targets Strategic Acquisitions with New Backing from Shamrock Capital

0

5 Best Classic App Store Games

0

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

0

The best iPad accessories for 2024

0
5 Best Classic App Store Games

“✨ Dive into Nostalgia: 5 Must-Play App Store Classics That Bring Joy! πŸŽ‰”

July 14, 2025
A World of Wonder and Peril Awaits in the Underwater Adventure Subnautica

🌊 Dive Deep into Subnautica: Uncover Secrets Beneath the Waves! πŸ¦‘βœ¨

July 10, 2025
See Your Calendar in a New Way With Timescape

Unlock Your Time Management Potential with Timescape: The Future of Calendars Awaits! πŸš€πŸ“…βœ¨

July 9, 2025
Best New Apps of June 2025

πŸš€ Unleash Your Potential: The Must-Have Apps of June 2025! πŸ“±βœ¨

July 7, 2025

Recent News

5 Best Classic App Store Games

“✨ Dive into Nostalgia: 5 Must-Play App Store Classics That Bring Joy! πŸŽ‰”

July 14, 2025
A World of Wonder and Peril Awaits in the Underwater Adventure Subnautica

🌊 Dive Deep into Subnautica: Uncover Secrets Beneath the Waves! πŸ¦‘βœ¨

July 10, 2025
See Your Calendar in a New Way With Timescape

Unlock Your Time Management Potential with Timescape: The Future of Calendars Awaits! πŸš€πŸ“…βœ¨

July 9, 2025
Best New Apps of June 2025

πŸš€ Unleash Your Potential: The Must-Have Apps of June 2025! πŸ“±βœ¨

July 7, 2025

Biz Top News

At Biz Top News, we provide the latest updates and insights on technology, from AI and cybersecurity to apps and cryptocurrency. Stay informed with our expert analysis and breaking news.

Browse by Category

  • AI News
  • Apps
  • Crypto
  • Events
  • Security
  • Tech Trends
  • Uncategorized

About

  • About Us
  • Privacy & Policy
  • Terms Conditions
  • Contact Us

    Β© 2025 Biztoplocation - All rights reserved.

    No Result
    View All Result

    Β© 2025 Biztoplocation - All rights reserved.