A newly discovered vulnerability in the Common Unix Printing System (CUPS) could make Unix-based systems easy targets for large-scale Distributed Denial-of-Service (DDoS) attacks, with a massive amplification factor of 600x. The now-patched flaw, tracked as CVE-2024-47176, affects the ‘cups-browsed’ daemon and can be exploited to gain remote code execution (RCE) via a single UDP packet.
The vulnerability, combined with three other bugs, allows attackers to launch devastating DDoS attacks by tricking vulnerable CUPS servers into bombarding a target system with high-bandwidth requests, crippling both the target and the server itself.
The attack is triggered when an attacker sends a specially crafted packet, fooling the CUPS server into treating the target as a printer. This prompts the server to generate large IPP/HTTP requests directed at the targeted device, consuming significant CPU resources and network bandwidth on both ends.
Researchers estimate that around 58,000 of the 198,000 exposed devices globally could be leveraged for these amplified DDoS attacks.
Notably, some of these vulnerable devices run versions of CUPS dating back to 2007, making them highly susceptible to exploitation. Attackers could either use them as part of a botnet or exploit the RCE vulnerability to gain further control over the system.

Researchers also highlighted a concerning issue where certain vulnerable systems enter an ‘infinite loop’ of requests in response to a single probe. In some cases, this behaviour continues indefinitely, creating an unending stream of traffic aimed at the target. These systems sent thousands of requests to the test infrastructure until the ‘cups-browsed’ daemon was manually stopped or restarted.
This endless loop was often triggered by specific HTTP/404 errors or malformed packets, further amplifying the threat posed by this vulnerability. With such behaviour, attackers could potentially cause prolonged disruptions with minimal effort.
One of the most alarming aspects of this vulnerability is how quickly an attack can be launched. Researchers warn that a malicious actor could seize control of all exposed CUPS servers in a matter of seconds. This level of ease, combined with the massive amplification potential, makes the vulnerability a high-priority target for cybercriminals seeking to disrupt industries or individuals.
Researchers have advised organisations to disable the ‘cups-browsed’ service to prevent potential exploitation.
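A defender-side check for the exposure described above, added here as an example and not taken from the researchers or the CUPS project: it reads `ss -H -lun` output and reports non-loopback UDP listeners on port 631, then checks whether the daemon is active. The port number (631, where cups-browsed listens), the function names and the systemd unit name are assumptions not stated in the article.

```shell
#!/bin/sh
# Added example: flag hosts where cups-browsed may be reachable from the network.
# Assumption: cups-browsed listens on UDP port 631 (not stated in the article).

# Read `ss -H -lun` lines on stdin; print each non-loopback local address
# that has a UDP listener on port 631.
exposed_631() {
  awk '{
    local_ep = $4                          # "Local Address:Port" column
    if (!match(local_ep, /:[^:]*$/)) next  # locate the last colon
    port = substr(local_ep, RSTART + 1)
    addr = substr(local_ep, 1, RSTART - 1)
    if (port != "631") next
    if (addr ~ /^127\./ || addr ~ /^\[::1\]/) next  # loopback only: not exposed
    print addr
  }'
}

# Check the local host; returns 1 if a listener is exposed or the daemon runs.
check_host() {
  status=0
  listeners=$(ss -H -lun 2>/dev/null | exposed_631 | tr '\n' ' ')
  if [ -n "$listeners" ]; then
    echo "UDP/631 is bound on non-loopback address(es): $listeners"
    status=1
  fi
  # Assumption: the service is managed by systemd under the unit name cups-browsed.
  if command -v systemctl >/dev/null 2>&1 &&
     systemctl is-active --quiet cups-browsed; then
    echo "cups-browsed is running; disable it: systemctl disable --now cups-browsed"
    status=1
  fi
  if [ "$status" -eq 0 ]; then echo "No cups-browsed exposure found"; fi
  return "$status"
}

# Run the live check only when asked, e.g.: sh check_cups.sh --run
if [ "${1:-}" = "--run" ]; then check_host; fi
```

A clean result on the host does not cover upstream filtering, so a firewall rule blocking inbound UDP/631 should still be verified separately.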
