Experts Warn of DDoS Attacks Exploiting Linux Printing Vulnerabilities

Cybersecurity experts are raising alarms over a set of vulnerabilities in the Common UNIX Printing System (CUPS) that could enable threat actors to launch powerful distributed denial-of-service (DDoS) attacks. Researchers from Akamai disclosed that four identified flaws in CUPS could allow attackers to execute malicious code on remote devices.

Discovered by Italian security researcher Simone Margaritelli, these vulnerabilities—CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177—affect systems running Linux, BSD, and some Apple and Android devices. CUPS, which is integrated into most Linux operating systems, is vital for printing services.

Akamai’s principal security researcher, Larry Cashdollar, highlighted that attackers could exploit these vulnerabilities to send crafted packets to a targeted printer address, resulting in the CUPS server generating large, partially attacker-controlled requests aimed at the target. This not only affects the target but also overwhelms the host server, consuming its network bandwidth and CPU resources.

Akamai’s Security Intelligence and Response Team (SIRT) reported that over 198,000 devices worldwide are vulnerable, with about 34% potentially being exploited for DDoS attacks. Despite the potential for widespread disruption, experts noted that remediation is straightforward: users should update, disable, or remove CUPS where it is not needed.

The discovery of these vulnerabilities has sparked controversy, as Margaritelli expressed frustration over the CUPS team’s reluctance to address the issues adequately. While some experts believe the impact of these vulnerabilities is limited, Cashdollar warns that the ease of initiating an attack makes the situation concerning.

As threat actors increasingly scan the internet for exposed UNIX systems, cybersecurity experts stress the importance of understanding and managing active services within organisational networks to mitigate risks.