Serious RCE Vulnerability Exposed in Linux with No Fix Yet

TapTechNews, September 27: a serious remote code execution (RCE) vulnerability has been disclosed in the Linux ecosystem. It has existed for more than 10 years and affects almost all GNU/Linux distributions. No fix is available yet, but the issue can be mitigated.

Software developer Simone Margaritelli first reported the vulnerabilities in a post on X on September 23. He has notified the affected development teams and intends to publish full details within the next two weeks.

Severity

According to Margaritelli, the vulnerabilities have not yet been assigned CVE identifiers; he expects at least three, and possibly as many as six.

Canonical (the company behind Ubuntu), Red Hat and the maintainers of other distributions have confirmed the severity of the vulnerabilities, which carry an estimated CVSS score of 9.9 out of 10 (the higher the score, the more severe). Successful exploitation could therefore cause catastrophic damage.


Vulnerability Details

The vulnerabilities lie in CUPS, the printing system used by most Unix-like systems. A machine running CUPS with the cups-browsed service enabled is exposed to remote attack and may be hijacked by a remote attacker.

The CUPS developers, however, disagree on how to handle the issue. Some members dispute its real-world security impact, which Margaritelli has described as frustrating.


The researcher said that despite providing multiple proofs of concept (PoCs) and systematically refuting the developers' assumptions, progress has been slow.

Mitigations

As Margaritelli notes, no fix is available yet; until one is, users can apply the following mitigations:

Disable or remove the cups-browsed service.

Update your CUPS installation as soon as security updates become available.

Block access to UDP port 631 and consider turning off DNS-SD.

Note that blocking the port alone is not sufficient: even if port 631 is not directly reachable, an attacker on the same local network may still trigger the vulnerability by spoofing zeroconf, mDNS, or DNS-SD printer advertisements.
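The mitigations above as one runnable script, added here as an example and not taken from the article or from the CUPS project. It checks whether a UDP socket on port 631 is open (the port cups-browsed listens on for printer advertisements), stops and masks the service on a systemd host, and drops inbound UDP 631 from anything but loopback using nft or iptables. The `ss` listing it parses is read from the live host when run; the sample listing used in the comments is constructed. Disabling avahi-daemon as the usual DNS-SD responder is an assumption about the host, so it is an optional step.

```shell
#!/bin/sh
# Audit a host for an exposed cups-browsed listener and apply mitigations.
# Added example; assumes systemd and either nft or iptables. Run with
# `--check` for a dry run that only prints commands, `--apply` to enforce.
set -u

# Return 0 when a `ss -Hlunp`-style listing (no header) contains a UDP socket
# bound to port 631 on any address, IPv4 or IPv6; 1 otherwise.
# Constructed sample line that matches:
#   UNCONN 0 0 0.0.0.0:631 0.0.0.0:* users:(("cups-browsed",pid=812,fd=7))
udp_631_listening() {
    printf '%s\n' "$1" | awk '
        /^UNCONN/ { for (i = 1; i <= NF; i++) if ($i ~ /:631$/) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Return 0 when the port-631 socket is owned by cups-browsed, judged from the
# users:(("name",pid=...)) column that `ss -p` prints (needs root to see
# sockets owned by other users).
held_by_cups_browsed() {
    printf '%s\n' "$1" | awk '
        /^UNCONN/ && /:631[[:space:]]/ && /"cups-browsed"/ { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Run a command, or only print it when DRY_RUN=1 so the plan can be reviewed.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'would run: %s\n' "$*"
    else
        "$@"
    fi
}

# Mitigation 1: stop, disable and mask cups-browsed so that a package
# upgrade cannot silently re-enable it before a fixed version ships.
disable_cups_browsed() {
    run systemctl stop cups-browsed.service
    run systemctl disable cups-browsed.service
    run systemctl mask cups-browsed.service
}

# Mitigation 2: drop inbound UDP 631 arriving on any interface except lo.
block_udp_631() {
    if command -v nft >/dev/null 2>&1; then
        run nft add table inet cups_mitigation
        run nft add chain inet cups_mitigation input \
            '{ type filter hook input priority 0 ; }'
        run nft add rule inet cups_mitigation input iifname != lo udp dport 631 drop
    else
        run iptables -I INPUT ! -i lo -p udp --dport 631 -j DROP
    fi
}

# Optional: turn off DNS-SD by stopping the mDNS responder. Assumes avahi-daemon
# is the responder in use; skip this if printers are discovered via mDNS on purpose.
disable_dnssd() {
    run systemctl stop avahi-daemon.socket avahi-daemon.service
    run systemctl disable avahi-daemon.socket avahi-daemon.service
}

main() {
    listing=$(ss -Hlunp 2>/dev/null || true)
    if udp_631_listening "$listing"; then
        echo "UDP 631 is open on this host"
        held_by_cups_browsed "$listing" && echo "socket is held by cups-browsed"
        disable_cups_browsed
        block_udp_631
        [ "${DISABLE_DNSSD:-0}" = 1 ] && disable_dnssd
    else
        echo "no UDP 631 listener found; nothing to do"
    fi
}

case "${1:-}" in
    --check) DRY_RUN=1; main ;;
    --apply) main ;;
esac
```

Run `sh cups_mitigate.sh --check` first as root to see which commands would be executed, then `--apply` to enforce them; set `DISABLE_DNSSD=1` to also stop the mDNS responder. The firewall rule is intentionally limited to UDP 631, because blocking the port does not stop spoofed advertisements on the local link; masking cups-browsed is the step that actually removes the exposure.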
