Linux CUPS Vulnerability Let Attackers Remote DoS and Bypass Authentication
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Two critical vulnerabilities have been discovered in the Linux Common Unix Printing System (CUPS), exposing millions of systems to remote denial-of-service attacks and authentication bypass exploits.
The vulnerabilities, tracked as CVE-2025-58364 and CVE-2025-58060, affect the core printing infrastructure used across virtually all Linux distributions and pose significant risks to network security.
Key Takeaways
1. Two Critical CUPS vulnerabilities impact all Linux systems.
2. Attackers can crash printing services and gain admin access.
3. Immediate fix required until patches arrive.
Remote DoS Vulnerability
The first vulnerability, CVE-2025-58364, stems from unsafe deserialization and validation of printer attributes within the libcups library.
This moderate-severity flaw allows attackers to trigger a null dereference through crafted printer attribute responses, causing system crashes across local networks.
The vulnerability manifests in the ipp_read_io() function when processing IPP_OP_GET_PRINTER_ATTRIBUTES requests.
Security researchers demonstrated that the combination of ippNewRequest(), cupsDoRequest(), and ippValidateAttributes() functions creates a dangerous code path where malformed responses can cause null pointer dereferences in the loop for (ptr = attr->values[i].string.text; *ptr; ptr ++).
The attack vector requires adjacent network access, making it exploitable within local subnets where CUPS services automatically discover printers.
Systems running cups-browsed service are particularly vulnerable, as the service actively listens for printer announcements on the network.
The vulnerability affects all CUPS versions below 2.4.12, with no patches currently available. The vulnerability was discovered and reported by security researcher SilverPlate3.
Authentication Bypass Vulnerability
CVE-2025-58060 represents a high-severity authentication bypass vulnerability affecting CUPS configurations using AuthType Negotiate or any non-Basic authentication method.
The flaw allows attackers to bypass password verification by sending Authorization: Basic headers when the system expects different authentication types.
The vulnerability exists in the scheduler/auth.c file within the cupsdAuthorize() function. When administrators configure DefaultAuthType to anything other than Basic authentication, the system incorrectly skips password validation if an incoming request contains a Basic authentication header.
Attackers can exploit this by sending requests with Authorization: Basic $(echo -n admin:x | base64), where the password can be any arbitrary string.
This bypass grants unauthorized access to CUPS administrative functions, potentially allowing attackers to modify printer configurations, access print queues, or execute administrative commands.
The vulnerability affects systems where administrators have implemented Kerberos, LDAP, or other enterprise authentication mechanisms to secure their printing infrastructure.
The vulnerability was identified and reported by researcher hvenev-insait.
CVE ID Title CVSS 3.1 Score Severity CVE-2025-58364Remote DoS via null dereference6.5ModerateCVE-2025-58060Authentication bypass with AuthType Negotiate7.8High
Mitigations
Both vulnerabilities expose critical weaknesses in CUPS deployments across enterprise and home networks.
The DoS vulnerability can disrupt printing services network-wide, while the authentication bypass compromises administrative access controls.
Organizations using CUPS in production environments should immediately assess their exposure and implement network-level protections.
Network administrators should restrict IPP port 631 access through firewalls and disable the cups-browsed service on systems that don’t require automatic printer discovery.
For the authentication bypass vulnerability, temporarily reverting to AuthType Basic with strong passwords provides immediate protection until patches become available.
Organizations should monitor the OpenPrinting project repository for security updates and apply patches immediately upon release.
#Cyber_Security_News #Linux #Vulnerabilities #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Linux CUPS Vulnerability Let Attackers Remote DoS and Bypass Authentication
Author: Florence NightingaleTwo critical vulnerabilities have been discovered in the Linux Common Unix Printing System (CUPS), exposing millions of systems to remote denial-of-service attacks and authentication bypass exploits.
The vulnerabilities, tracked as CVE-2025-58364 and CVE-2025-58060, affect the core printing infrastructure used across virtually all Linux distributions and pose significant risks to network security.
Key Takeaways
1. Two Critical CUPS vulnerabilities impact all Linux systems.
2. Attackers can crash printing services and gain admin access.
3. Immediate fix required until patches arrive.
Remote DoS Vulnerability
The first vulnerability, CVE-2025-58364, stems from unsafe deserialization and validation of printer attributes within the libcups library.
This moderate-severity flaw allows attackers to trigger a null dereference through crafted printer attribute responses, causing system crashes across local networks.
The vulnerability manifests in the ipp_read_io() function when processing IPP_OP_GET_PRINTER_ATTRIBUTES requests.
Security researchers demonstrated that the combination of ippNewRequest(), cupsDoRequest(), and ippValidateAttributes() functions creates a dangerous code path where malformed responses can cause null pointer dereferences in the loop for (ptr = attr->values[i].string.text; *ptr; ptr ++).
The attack vector requires adjacent network access, making it exploitable within local subnets where CUPS services automatically discover printers.
Systems running cups-browsed service are particularly vulnerable, as the service actively listens for printer announcements on the network.
The vulnerability affects all CUPS versions below 2.4.12, with no patches currently available. The vulnerability was discovered and reported by security researcher SilverPlate3.
Authentication Bypass Vulnerability
CVE-2025-58060 represents a high-severity authentication bypass vulnerability affecting CUPS configurations using AuthType Negotiate or any non-Basic authentication method.
The flaw allows attackers to bypass password verification by sending Authorization: Basic headers when the system expects different authentication types.
The vulnerability exists in the scheduler/auth.c file within the cupsdAuthorize() function. When administrators configure DefaultAuthType to anything other than Basic authentication, the system incorrectly skips password validation if an incoming request contains a Basic authentication header.
Attackers can exploit this by sending requests with Authorization: Basic $(echo -n admin:x | base64), where the password can be any arbitrary string.
This bypass grants unauthorized access to CUPS administrative functions, potentially allowing attackers to modify printer configurations, access print queues, or execute administrative commands.
The vulnerability affects systems where administrators have implemented Kerberos, LDAP, or other enterprise authentication mechanisms to secure their printing infrastructure.
The vulnerability was identified and reported by researcher hvenev-insait.
CVE ID Title CVSS 3.1 Score Severity CVE-2025-58364Remote DoS via null dereference6.5ModerateCVE-2025-58060Authentication bypass with AuthType Negotiate7.8High
Mitigations
Both vulnerabilities expose critical weaknesses in CUPS deployments across enterprise and home networks.
The DoS vulnerability can disrupt printing services network-wide, while the authentication bypass compromises administrative access controls.
Organizations using CUPS in production environments should immediately assess their exposure and implement network-level protections.
Network administrators should restrict IPP port 631 access through firewalls and disable the cups-browsed service on systems that don’t require automatic printer discovery.
For the authentication bypass vulnerability, temporarily reverting to AuthType Basic with strong passwords provides immediate protection until patches become available.
Organizations should monitor the OpenPrinting project repository for security updates and apply patches immediately upon release.
#Cyber_Security_News #Linux #Vulnerabilities #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
