Red Hat Warns About Remote Code Execution Flaws Impacting Enterprise Linux
‘All versions of Red Hat Enterprise Linux (RHEL) are affected by [the vulnerabilities] but are not vulnerable in their default configurations,’ the IBM-owned company said.
Red Hat warned Thursday that four newly discovered vulnerabilities — which are rated as “important” and affect all versions of Enterprise Linux — could enable remote execution of code.
“All versions of Red Hat Enterprise Linux (RHEL) are affected by CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177, but are not vulnerable in their default configurations,” the IBM-owned company said in a post.
[Related: Red Hat Exec: Linux Supply Chain Hack Was Caught Quickly]
The flaws impact open-source print management software, known as OpenPrinting CUPS, which Red Hat said is “prevalent in most modern Linux distributions.”
“By chaining this group of vulnerabilities together, an attacker could potentially achieve remote code execution which could then lead to theft of sensitive data and/or damage to critical production systems,” Red Hat said in the blog.
The post did not disclose whether any exploitation of the vulnerabilities has been observed so far. In an email to CRN, a Red Hat spokesperson said that “we're unaware of any exploitations in the wild right now.”
The severity of the issue has been rated as “important” by Red Hat.
Crucially, the company noted that “affected packages are not vulnerable in their default configuration.” More vulnerabilities could also be found, however, according to Red Hat.
“At this time, there are four CVEs assigned to these vulnerabilities, but the exact number is still being coordinated with the upstream community and the researcher who discovered the problem,” the company said.
The company credited Simone Margaritelli, known online as “EvilSocket,” with the discovery of the flaws.
In a post Thursday, Margaritelli wrote that by exploiting the vulnerabilities, “a remote unauthenticated attacker can silently replace existing printers’ (or install new ones) [Internet Printing Protocol] urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer).”
Initial reactions from several security researchers suggested that while the vulnerabilities are potentially serious, they do not pose as large of an issue as major previous flaws such as the critical vulnerability in Apache Log4j that was discovered in late 2021.
The newly discovered flaws impacting Enterprise Linux are “not at a level” of Log4Shell, said Satnam Narang, senior staff research engineer at Tenable, in an email.
Brian Fox, CTO and co-founder of Sonatype, said in an email that while the vulnerabilities are “significant,” exploitation would prove challenging since Linux servers are not typically used for printing — suggesting that “the immediate impact is mitigated” from the issue.