| VID |
23345 |
| Severity |
40 |
| Port |
631 |
| Protocol |
TCP |
| Class |
CUPS |
| Detailed Description |
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
- cups-browsed <= 2.0.1 binds on UDP INADDR_ANY:631 trusting any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker controlled URL. (CVE-2024-47176)
- libcupsfilters <= 2.1b1 cfGetPrinterAttributes5 does not validate or sanitize the IPP attributes returned from an IPP server, providing attacker controlled data to the rest of the CUPS system.(CVE-2024-47076)
- libppd <= 2.1b1 ppdCreatePPDFromIPP2 does not validate or sanitize the IPP attributes when writing them to a temporary PPD file, allowing the injection of attacker controlled data in the resulting PPD.(CVE-2024-47175)
- cups-filters <= 2.0.1 foomatic-rip allows arbitrary command execution via the FoomaticRIPCommandLine PPD parameter. (CVE-2024-47177)
* References:
https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
* Platforms Affected:
Linux Any version
Unix Any version |
| Recommendation |
* Deactivate the cups-browsed service (if not in use)
- Command: `$ sudo systemctl stop cups-browsed; sudo systemctl disable cups-browsed`
* Restart the CUPS service
- Command: `$ sudo systemctl restart cups`
* Strengthen firewall settings
- Block external access to UDP port 631
- Command: `$ sudo ufw deny proto udp from any to any port 631` |
| Related URL |
CVE-2024-47176,CVE-2024-47076,CVE-2024-47175,CVE-2024-47177 (CVE) |
| Related URL |
75098 (SecurityFocus) |
| Related URL |
(ISS) |
|
