Replicated’s response to the Common UNIX Printing System (CUPS) Vulnerabilities

Andrew Storms | Sep 27, 2024

On September 23, a researcher revealed on X (formerly Twitter) that they had reported an unauthenticated remote code execution (RCE) vulnerability, rated critical with a CVSSv3 score of 9.9, affecting "all GNU/Linux systems". The researcher described difficulties coordinating disclosure across the various Linux vendors. Over the following days they shared more details about the process, prompting media outlets to issue warnings about the vulnerability.

By September 26, the researcher announced that full disclosure was imminent and published a blog post that allowed Replicated to evaluate its potential exposure. The vulnerabilities have been assigned CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177.

Please be advised that as of September 26, no patches are available.

Are Replicated Products or Infrastructure Affected?

Based on current intelligence and assessment, Replicated systems are considered low risk.

For these vulnerabilities to be exploited, the Common UNIX Printing System (CUPS) must be running and reachable over the network. Specifically, the attack chain begins with the cups-browsed daemon, which listens for printer announcements on UDP port 631 and accepts them from any source. Our images do not start this service by default.

Our latest installable products (KOTS, SDK, and Embedded Cluster) are built on Wolfi "distroless" images, with delivery pipelines capable of daily automated rebuilds and releases. kURL, however, is built on a more complete Linux OS (Alpine) and may require patching; we will need to wait for the upstream patch to confirm. If your installation includes a vulnerable CUPS version, the best mitigation is to ensure cups-browsed and CUPS are not running and that your firewalls block the IPP port (631 by default; UDP for cups-browsed, TCP for cupsd). Replicated will release new versions of all affected products once patches are available.
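As an added example (not Replicated's code, and not from the CUPS project), the following POSIX shell script turns the two conditions above into a host check: it parses `systemctl list-units` and `ss -lunp` output for a running cups-browsed/cupsd unit and for a socket bound to UDP 631, and with `--mitigate` applies the stop-the-daemon plus block-UDP-631 mitigation. The unit and socket listings embedded in the script are constructed samples, not captures from a real host, and the nftables table name `cups_block` is an arbitrary choice; systemd, iproute2 and nftables (or iptables) are assumed.

```shell
#!/bin/sh
# Added example, not Replicated's code: assess whether a Linux host exposes the
# CUPS attack surface described above and, on request, apply the mitigation.
# The chain starts with an unsolicited UDP packet to cups-browsed on UDP/631,
# so the two signals checked are (1) cups-browsed/cupsd running and
# (2) a socket bound to UDP 631. Parsing functions take command output as an
# argument so they can be exercised on the constructed samples below;
# `--live` runs the real commands, `--mitigate` applies the fix (needs root).

# Print the CUPS-related units in `systemctl list-units` output ($1) whose SUB
# state is "running". Exit 0 if any were found, 1 otherwise.
cups_units_running() {
  printf '%s\n' "$1" | awk '
    $1 ~ /^(cups|cups-browsed)\.service$/ && $4 == "running" { print $1; found = 1 }
    END { exit (found ? 0 : 1) }'
}

# Print the local address:port of every unconnected UDP socket bound to port
# 631 in `ss -lunp` output ($1). Exit 0 if any were found, 1 otherwise.
udp_631_listeners() {
  printf '%s\n' "$1" | awk '
    $1 == "UNCONN" && $4 ~ /:631$/ { print $4; found = 1 }
    END { exit (found ? 0 : 1) }'
}

# Verdict: "exposed" if either signal fires, "clear" otherwise.
assess() {
  if cups_units_running "$1" >/dev/null || udp_631_listeners "$2" >/dev/null; then
    echo exposed
  else
    echo clear
  fi
}

# Run the real commands (systemd and iproute2 assumed).
live_check() {
  assess "$(systemctl list-units --type=service --state=running --plain --no-legend 2>/dev/null)" \
         "$(ss -lunp 2>/dev/null)"
}

# Mitigation from the advisory: stop cups-browsed and keep it stopped, then
# drop inbound UDP 631 at the host firewall (nftables, falling back to iptables).
# This does not patch CUPS; it removes the network entry point until a fix ships.
mitigate() {
  systemctl disable --now cups-browsed.service 2>/dev/null || true
  if command -v nft >/dev/null 2>&1; then
    nft add table inet cups_block 2>/dev/null || true
    nft add chain inet cups_block input '{ type filter hook input priority 0; policy accept; }' 2>/dev/null || true
    nft add rule inet cups_block input udp dport 631 drop
  else
    iptables -I INPUT -p udp --dport 631 -j DROP
  fi
}

# Constructed samples (not captured from a real host) in the shape of
# `systemctl list-units --plain --no-legend` and `ss -lunp` output.
SAMPLE_UNITS='cups.service         loaded active running CUPS Scheduler
cups-browsed.service loaded active running Make remote CUPS printers available locally
ssh.service          loaded active running OpenBSD Secure Shell server'
SAMPLE_SS='UNCONN 0 0 0.0.0.0:631 0.0.0.0:* users:(("cups-browsed",pid=812,fd=7))
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolved",pid=400,fd=12))'
CLEAN_UNITS='ssh.service loaded active running OpenBSD Secure Shell server'
CLEAN_SS='UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolved",pid=400,fd=12))'

case "${1:-}" in
  --live)     live_check ;;
  --mitigate) mitigate ;;
  *)          echo "sample host: $(assess "$SAMPLE_UNITS" "$SAMPLE_SS")"   # exposed
              echo "clean host:  $(assess "$CLEAN_UNITS" "$CLEAN_SS")" ;;  # clear
esac
```

Run it with no arguments to see the verdict on the constructed samples, `sh check-cups.sh --live` to assess the current host, and `sudo sh check-cups.sh --mitigate` to apply the workaround. Blocking UDP 631 at the host is a stopgap: it breaks automatic discovery of network printers, which is the feature cups-browsed exists to provide, and it should be paired with the perimeter rule the advisory recommends until patched packages are installed.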

Best Practices

  • We recommend always using our latest releases whenever possible. 
  • Keep your images and products minimal by avoiding unnecessary packages. 
  • Similarly, ensure that unneeded services or daemons are not running or started by default, even if installed.
  • Network, firewall, and perimeter protections remain crucial, especially in cases where vulnerabilities are exploited via the network.

References

Here are a few external blog posts with additional information about the vulnerabilities.

https://www.redhat.com/en/blog/red-hat-response-openprinting-cups-vulnerabilities

https://www.tenable.com/blog/cve-2024-47076-cve-2024-47175-cve-2024-47176-cve-2024-47177-faq-cups-vulnerabilities
