The recently revealed Common UNIX Printing System (CUPS) security flaw may be even worse than expected following new claims that it can be abused to amplify distributed denial of service (DDoS) attacks.
Akamai researchers have stated that the attacks can reach an amplification factor of 600x for an average attack, a worrying prospect for victims around the world.
CUPS is an open source printing system developed by Apple for Unix-like operating systems, including Linux and macOS. It provides a standardized way to manage print jobs and queues, supporting local and network printers. CUPS uses the Internet Printing Protocol (IPP) as its primary protocol, allowing for seamless printer discovery and job submission over networks. It also includes a web-based interface for managing printers, print jobs, and settings.
Infinite loop
CUPS was recently revealed to contain four flaws: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177. When chained together, they allow threat actors to create fake, malicious printers that CUPS can discover. All the criminals need to do is send a specially crafted packet to trick the CUPS server. The moment a user tries to print something using this new device, a malicious command is executed locally on the victim's machine.
Akamai experts, on the other hand, claim that each packet sent to a vulnerable CUPS server causes it to generate larger IPP/HTTP requests directed at the target device. As a result, both CPU and bandwidth resources are consumed, in classic DDoS style. Their research determined that almost 200,000 such devices are exposed to the Internet, of which almost 60,000 can be exploited for DDoS campaigns.
In extreme cases, CUPS servers will continue to send requests, entering an infinite loop.
“In the worst case scenario, we observed what appeared to be an endless stream of connection attempts and requests as a result of a single probe. These streams appear to be endless and will continue until the daemon is killed or restarted,” Akamai explained. “Many of these systems we observed in testing established thousands of requests and sent them to our testing infrastructure. In some cases, this behavior appeared to continue indefinitely.”
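The pattern Akamai describes (one small inbound probe, then a burst of larger outbound IPP requests to a single target) is something a defender can look for in flow logs from their own network. The script below is an added example, not code from the article or from Akamai; it assumes a simplified flow-record format ("epoch proto src:port > dst:port bytes") and uses constructed sample records.

```python
from collections import defaultdict

# Constructed sample flow records (not from the article). The record format
# "epoch proto src:port > dst:port bytes" is an assumption for this example.
SAMPLE_FLOWS = [
    "1727740000 udp 203.0.113.9:40000 > 10.0.0.5:631 200",     # one probe in
    "1727740001 tcp 10.0.0.5:50001 > 198.51.100.7:631 4096",  # IPP requests out
    "1727740001 tcp 10.0.0.5:50002 > 198.51.100.7:631 4096",
    "1727740002 tcp 10.0.0.5:50003 > 198.51.100.7:631 4096",
    "1727740002 tcp 10.0.0.5:50004 > 198.51.100.7:631 4096",
    "1727740003 tcp 10.0.0.5:50005 > 198.51.100.7:631 4096",
    "1727740000 udp 203.0.113.9:40001 > 10.0.0.6:631 200",     # benign host:
    "1727740001 tcp 10.0.0.6:50001 > 192.0.2.20:631 512",      # single small reply
]

def parse_flow(line):
    """Split one flow record into its fields."""
    ts, proto, src, _, dst, nbytes = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return {"ts": int(ts), "proto": proto, "src": sip, "sport": int(sport),
            "dst": dip, "dport": int(dport), "bytes": int(nbytes)}

def find_amplifiers(lines, min_requests=3, min_ratio=10.0):
    """Return {(cups_host, target): (outbound_requests, amplification)} for
    hosts whose outbound IPP (TCP/631) traffic to one target is large
    relative to the UDP/631 probe bytes they received."""
    probe_bytes = defaultdict(int)        # cups_host -> inbound UDP/631 bytes
    out = defaultdict(lambda: [0, 0])     # (cups_host, target) -> [count, bytes]
    for line in lines:
        f = parse_flow(line)
        if f["proto"] == "udp" and f["dport"] == 631:
            probe_bytes[f["dst"]] += f["bytes"]
        elif f["proto"] == "tcp" and f["dport"] == 631:
            rec = out[(f["src"], f["dst"])]
            rec[0] += 1
            rec[1] += f["bytes"]
    hits = {}
    for (host, target), (count, nbytes) in out.items():
        inbound = probe_bytes.get(host)
        if not inbound:
            continue                      # outbound IPP with no preceding probe
        ratio = nbytes / inbound
        if count >= min_requests and ratio >= min_ratio:
            hits[(host, target)] = (count, ratio)
    return hits

if __name__ == "__main__":
    for (host, target), (count, ratio) in find_amplifiers(SAMPLE_FLOWS).items():
        print(f"{host} -> {target}: {count} IPP requests, {ratio:.0f}x amplification")
```

A host flagged this way is a candidate for patching or for blocking inbound UDP/631 at the perimeter; the thresholds are starting points to tune against your own baseline.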
The DDoS amplification attack can be executed in a matter of minutes and at almost no cost. IT teams are urged to apply the fixes for the above-mentioned flaws as soon as possible.
Via BleepingComputer