Programmer’s Digest #102
09/25/2024-10/02/2024 CUPS Flaws Enable Linux Remote Code Execution, Critical Zimbra Postjournal Flaw, WhatsUp Gold Has Some Critical Security Flaws And More.
1. CUPS Flaws Enable Linux Remote Code Execution
Attackers can exploit multiple vulnerabilities in the CUPS printing system, tracked as CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177, to execute remote code on vulnerable machines. However, they do not affect systems with default settings. The issue arises when the cups-browsed daemon, which is typically disabled, is running. This daemon listens on UDP port 631 and can automatically install a malicious printer if one is advertised on the local network. When a user prints to this printer, a command is executed locally. While patches are in development, administrators can mitigate the risk by disabling the cups-browsed service. Red Hat has rated the impact as “Important” but not critical, because of the multiple hurdles an attacker must overcome.
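The following audit script is an added example, not code from the digest or from the CUPS project. It checks the two conditions the item describes (a UDP 631 listener and a running cups-browsed service) and reports the mitigation given above. It assumes the column layout of `ss -lun` and of `systemctl list-units --plain --no-legend`; the sample outputs embedded in it are constructed, not captured from a real host, so the logic can be exercised offline without either tool present.

```shell
#!/bin/sh
# Added example, not from the digest and not part of CUPS: audit a Linux host
# for the cups-browsed exposure described in item 1. Run with --live to inspect
# the current host; without arguments it evaluates constructed sample data.

# Return 0 when `ss -lun`-style output shows a UDP socket bound to port 631,
# the port on which cups-browsed receives printer advertisements.
has_udp_631_listener() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i <= NF; i++) if ($i ~ /:631$/) found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# Return 0 when `systemctl list-units --plain --no-legend`-style output reports
# cups-browsed.service in the "active" state (columns: UNIT LOAD ACTIVE SUB ...).
cups_browsed_active() {
    printf '%s\n' "$1" | awk '
        $1 == "cups-browsed.service" && $3 == "active" { found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# Reduce both checks to one verdict:
#   exposed   - cups-browsed is active and UDP 631 is bound: the attack surface from item 1 is present
#   listening - UDP 631 is bound but cups-browsed is not reported active: some other process owns it, inspect it
#   clear     - neither condition holds
assess_cups_exposure() {
    if has_udp_631_listener "$1" && cups_browsed_active "$2"; then
        echo exposed
    elif has_udp_631_listener "$1"; then
        echo listening
    else
        echo clear
    fi
}

# Inspect the running host. The mitigation line repeats the advice from item 1.
live_audit() {
    sockets=$(ss -lun 2>/dev/null || true)
    units=$(systemctl list-units --type=service --all --plain --no-legend 2>/dev/null || true)
    verdict=$(assess_cups_exposure "$sockets" "$units")
    echo "cups-browsed exposure: $verdict"
    if [ "$verdict" = exposed ]; then
        echo "mitigation: systemctl disable --now cups-browsed"
    fi
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_SS_EXPOSED='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
UNCONN 0      0      0.0.0.0:631         0.0.0.0:*
UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*'
SAMPLE_SS_CLEAR='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*'
SAMPLE_UNITS_EXPOSED='cups-browsed.service loaded active   running Make remote CUPS printers available locally
cups.service         loaded active   running CUPS Scheduler'
SAMPLE_UNITS_CLEAR='cups-browsed.service loaded inactive dead    Make remote CUPS printers available locally
cups.service         loaded active   running CUPS Scheduler'

if [ "${1:-}" = "--live" ]; then
    live_audit
else
    echo "sample exposed host: $(assess_cups_exposure "$SAMPLE_SS_EXPOSED" "$SAMPLE_UNITS_EXPOSED")"
    echo "sample clean host:   $(assess_cups_exposure "$SAMPLE_SS_CLEAR" "$SAMPLE_UNITS_CLEAR")"
fi
```

The "listening" verdict is deliberately separate from "exposed": a UDP 631 socket without an active cups-browsed unit is not the condition the item describes, but it is still worth identifying which process owns it before deciding the host is unaffected.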
2. Researchers Sound Alarm on Active Attacks Exploiting Critical Zimbra Postjournal Flaw
Researchers are warning of active attacks targeting a severe flaw in Zimbra Collaboration. Proofpoint detected exploitation of CVE-2024-45519 starting September 28, 2024. This flaw in Zimbra’s postjournal service allows unauthenticated attackers to execute arbitrary commands. The attacks involve spoofed Gmail emails carrying Base64-encoded strings, sent to Zimbra servers, which execute them using the sh utility. Zimbra patched the issue in versions released on September 4, 2024. Though the postjournal feature may be optional, applying the patch is essential. Proofpoint observed attempts to install a web shell on vulnerable servers, enabling command execution. Users are urged to update their systems for protection.
3. PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data
A new set of malicious packages was discovered in the Python Package Index (PyPI) posing as cryptocurrency wallet recovery tools, stealing sensitive data and digital assets. Targeting wallets like Atomic, Trust Wallet, and Metamask, the packages claimed to help recover mnemonic phrases but instead siphoned private keys and transaction data. Named deceptively to attract developers, these packages included fake download stats and descriptions to appear legitimate. Each had hundreds of downloads before being removed. The malicious code activated when specific functions were called, with stolen data sent to a remote server whose address was obtained through a technique called a “dead drop resolver,” allowing the attackers to change that server dynamically.
This attack highlights the risks in open-source ecosystems and the ongoing threats to cryptocurrency users, echoing similar scams like CryptoCore, which used deepfakes and hijacked accounts to steal assets.
4. Progress Warns WhatsUp Gold Has Some Critical Security Flaws
Progress Software recently patched critical and high-severity vulnerabilities in its network monitoring tool, WhatsUp Gold, urging users to update immediately. A security advisory revealed six flaws affecting versions below 24.0.1, without specifying how they could be exploited. Progress warned users that failing to upgrade leaves systems vulnerable to cyberattacks.
The flaws are listed as:
- CVE-2024-46905: CVSS 8.8/10
- CVE-2024-46906: CVSS 8.8/10
- CVE-2024-46907: CVSS 8.8/10
- CVE-2024-46908: CVSS 8.8/10
- CVE-2024-46909: CVSS 9.8/10
- CVE-2024-8785: CVSS 9.8/10
Users are advised to download and install version 24.0.1, released on September 20, by visiting Progress’ product page. No reports have confirmed whether the vulnerabilities were exploited before the patch.
5. Critical NVIDIA Container Bug is An ‘Old School’ Risk to AI Workloads
NVIDIA has patched a critical bug (CVE-2024-0132) in its Container Toolkit, which could let attackers gain full root access to a host system. Rated a 9.0 on the CVSS scale, the vulnerability affects all versions up to v1.16.1, with a fix provided in v1.16.2, released on September 25. The bug allows attackers to exploit shared GPU resources via malicious containers, either directly or through supply chain or social engineering attacks.
Cloud security firm Wiz, which reported the issue, warned that such infrastructure vulnerabilities pose immediate risks to AI workloads, especially in environments where multiple customers share GPU devices. Attackers could gain control by accessing container runtime Unix sockets and executing commands on the host system.
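The following version check is an added example, not code from the digest or from NVIDIA. It decides whether an installed NVIDIA Container Toolkit falls in the range item 5 describes (1.16.1 and earlier affected, 1.16.2 fixed). The exact wording of the `nvidia-ctk --version` banner is an assumption; the script relies only on the first x.y.z token it contains, and the banner embedded below is constructed so the check runs where the tool is not installed.

```shell
#!/bin/sh
# Added example, not from the digest and not NVIDIA's own tooling: decide
# whether an installed NVIDIA Container Toolkit is in the range item 5
# describes (1.16.1 and earlier affected, 1.16.2 fixed). The wording of the
# `nvidia-ctk --version` banner is an assumption; only its x.y.z token is used.

FIXED_VERSION=1.16.2   # first fixed release, as stated in item 5

# Numeric comparison of two dotted versions (up to three components, an
# optional leading "v" is ignored). Returns 0 when $1 is strictly lower than $2.
version_lt() {
    a=${1#v}; b=${2#v}
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$b" | cut -d. -f"$i"); y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# Returns 0 when the given toolkit version predates the fix.
toolkit_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# Pull the first x.y.z token out of a version banner. A space is prepended to
# each line so the expression also matches a version at the start of a line.
extract_version() {
    printf '%s\n' "$1" \
        | sed -n 's/^/ /; s/.*[^0-9.]\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' \
        | head -n 1
}

# Constructed sample banner (not real nvidia-ctk output).
SAMPLE_BANNER='NVIDIA Container Toolkit CLI version 1.16.1'

if command -v nvidia-ctk >/dev/null 2>&1; then
    banner=$(nvidia-ctk --version 2>&1 || true)
else
    banner=$SAMPLE_BANNER
fi
v=$(extract_version "$banner")
if [ -z "$v" ]; then
    echo "could not determine the toolkit version from: $banner"
elif toolkit_affected "$v"; then
    echo "nvidia-container-toolkit $v: in the affected range for CVE-2024-0132, upgrade to $FIXED_VERSION or later"
else
    echo "nvidia-container-toolkit $v: not in the affected range"
fi
```

Comparing components numerically rather than as strings matters here: a plain string comparison would rank 1.9.x above 1.16.x and report a patched host as affected, or the reverse.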