CyberWeekly 28' Sept | Issue #7
CUPS, vulnerabilities, remote code execution, patches, NIST, authentication guidelines, cyberattacks, transportation, logistics, malware, water treatment, cybersecurity, EPA, ATG systems.
Patch for CUPS Vulnerability Less Critical Than Anticipated
The Linux OpenPrinting project released patches to fix four vulnerabilities in the Common UNIX Printing System (CUPS) framework.
Initially believed to be highly severe, the vulnerabilities turned out to be less critical than anticipated.
The flaws, with CVSS scores ranging from 8.4 to 9.1, affect multiple Linux distributions and could allow remote code execution if exploited via UDP port 631.
Understanding the Vulnerabilities: A Technical Breakdown
The vulnerabilities impact several key components of the CUPS printing system and its associated libraries. These components are responsible for handling IPP (Internet Printing Protocol) requests, printer attributes, and PPD (PostScript Printer Description) files. The identified vulnerabilities include:
CVE-2024-47176 - cups-browsed (<= 2.0.1): This vulnerability arises from the cups-browsed component binding to UDP INADDR_ANY:631, which effectively trusts any packet received from any source. An attacker could craft a malicious Get-Printer-Attributes IPP request, causing CUPS to accept and execute code from an attacker-controlled URL. This flaw can lead to remote command execution or unauthorized printer installation.
CVE-2024-47076 - libcupsfilters (<= 2.1b1): The cfGetPrinterAttributes5 function does not properly validate or sanitize IPP attributes returned from an IPP server. This can lead to arbitrary, attacker-controlled data being supplied to the rest of the CUPS system, potentially resulting in system compromise.
CVE-2024-47175 - libppd (<= 2.1b1): In the ppdCreatePPDFromIPP2 function, there is a lack of validation or sanitization for IPP attributes when they are written to a temporary PPD file. This allows the injection of malicious data into the resulting PPD file, further compromising the integrity of the printing service.
CVE-2024-47177 - cups-filters (<= 2.0.1): The foomatic-rip filter allows arbitrary command execution through the FoomaticRIPCommandLine PPD parameter. If an attacker can gain control over a printer configuration or manipulate a PPD file, they could execute arbitrary commands on the vulnerable system.
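A defender-side check for the two exposure points described above, added here as an example and not taken from the OpenPrinting project or the original newsletter: it flags UDP 631 sockets bound to every interface in ss -uln output, and PPD directives that route jobs through foomatic-rip. The sample inputs are constructed and the function names are hypothetical.

```python
import re

# Constructed sample of `ss -uln` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
UNCONN 0 0 [::]:631 [::]:*
UNCONN 0 0 192.168.1.10:5353 0.0.0.0:*
"""
# Constructed PPD fragment (the command value is a harmless placeholder).
SAMPLE_PPD = """\
*PPD-Adobe: "4.3"
*NickName: "Example Printer"
*cupsFilter2: "application/vnd.cups-pdf application/pdf 0 foomatic-rip"
*FoomaticRIPCommandLine: "echo constructed-sample"
"""
WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}
ADDR = re.compile(r":(\d+|\*)$")
# FoomaticRIPCommandLine (plus suffixed variants) and cupsFilter/cupsFilter2.
PPD_KEY = re.compile(r"^\*(FoomaticRIPCommandLine\w*|cupsFilter2?):\s*(.*)$")

def wildcard_udp_631(ss_output):
    """Return local addresses listening on UDP 631 on all interfaces."""
    hits = []
    for line in ss_output.splitlines():
        # First addr:port field is the local side; header lines have none.
        addrs = [f for f in line.split() if ADDR.search(f)]
        if not addrs:
            continue
        host, _, port = addrs[0].rpartition(":")
        if port == "631" and host.split("%")[0] in WILDCARDS:
            hits.append(addrs[0])
    return hits

def risky_ppd_lines(ppd_text):
    """Return (line_no, keyword, value) for directives that reach foomatic-rip."""
    findings = []
    for no, line in enumerate(ppd_text.splitlines(), 1):
        m = PPD_KEY.match(line.strip())
        if not m:
            continue
        key, value = m.groups()
        if key.startswith("FoomaticRIPCommandLine") or "foomatic-rip" in value:
            findings.append((no, key, value.strip('"')))
    return findings

if __name__ == "__main__":
    print(wildcard_udp_631(SAMPLE_SS))
    print(risky_ppd_lines(SAMPLE_PPD))
```

A wildcard hit on port 631 is the condition to review on hosts that do not need network printer discovery; a PPD finding is a prompt to confirm where that PPD came from.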
NIST Revises Identity Guidelines, Including Password Requirements
The National Institute of Standards and Technology (NIST) has released a second public draft of Special Publication 800-63-4, which offers comprehensive guidelines on authentication for subjects interacting with government information systems.
The guidelines cover multi-factor authentication (MFA), user privacy, phishing-resistant measures, and biometrics.
Key updates include a minimum password length of 8 characters (with a 15-character minimum and a 64-character maximum recommended), the elimination of special character rules, no arbitrary scheduled password changes, and the removal of knowledge-based credentials or security questions.
The changes are meant to simplify authentication and make it more user-friendly while maintaining security.
Spearphishing Campaign Targets US Transportation and Logistics
Researchers at Proofpoint have identified a three-month-long malware campaign targeting US transportation and logistics companies.
The campaign used compromised employee email accounts to send lures tailored with industry-specific information.
At least five malware varieties were used, including Lumma Stealer, StealC, NetSupport, DanaBot, and Arechclient2.
The attacks highlight the increased sophistication of social engineering tactics used by cybercriminals.
Kansas Water Treatment Facility Suffers Cyber Incident Amid Warnings from EPA, WaterISAC, and CISA
A water treatment facility in Arkansas City, Kansas, suffered a cybersecurity incident over the weekend of September 21/22, forcing it to revert to manual operations.
The attack occurred shortly after the US Environmental Protection Agency (EPA), the Water Information Sharing and Analysis Center (WaterISAC), and CISA issued warnings about increased targeting of the water sector by threat actors.
Automated Tank Gauge Vulnerabilities
Researchers at Bitsight have identified ten security issues affecting Automated Tank Gauge (ATG) systems used in critical infrastructure facilities like gas stations, hospitals, and power plants.
Seven of the CVEs are rated critical, and all 10 could be exploited to gain full admin privileges.
Patches are available for seven of the vulnerabilities, and mitigation measures include isolating these systems and minimizing network access.