Urgent Security Advisory: CUPS Vulnerabilities

April 2, 2025

Dear User,

We are issuing an urgent advisory regarding critical vulnerabilities in the Common Unix Printing System (CUPS). These vulnerabilities could allow remote code execution (RCE) on affected systems.

Summary of Vulnerabilities:

  • CVE-2024-47176: cups-browsed binds to UDP INADDR_ANY:631 and trusts any packet it receives, which lets a sender trigger a Get-Printer-Attributes request to an attacker-controlled URL.
  • CVE-2024-47076: libcupsfilters does not validate IPP attributes, providing attacker-controlled data to the CUPS system.
  • CVE-2024-47175: libppd allows injection of attacker-controlled data when writing to a temporary PPD file.
  • CVE-2024-47177: foomatic-rip allows arbitrary command execution via PPD parameters.

Impact:

A remote unauthenticated attacker can silently replace existing printers’ IPP URLs with malicious ones, leading to arbitrary command execution when print jobs are initiated.

Affected Systems:

  • Most GNU/Linux distributions
  • Some BSDs
  • Google Chromium / ChromeOS
  • Oracle Solaris
  • Potentially more UNIX-like systems.

Remediation:

  1. Disable and remove the cups-browsed service if it is not needed.
  2. Update the CUPS package on your systems to the latest version.
  3. If updating is not possible, block all traffic to UDP port 631 and consider blocking DNS-SD traffic.
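To confirm whether a host still has the exposure that steps 1 and 3 address, the following added example (not part of the original advisory) checks for an active cups-browsed service and for a UDP listener on port 631 bound to all interfaces. It assumes the systemd unit is named cups-browsed and that the iproute2 ss tool is installed; the sample input is constructed.

```shell
#!/bin/sh
# Added example: audit a host for the cups-browsed exposure in CVE-2024-47176.
# Assumptions: systemd unit name "cups-browsed", iproute2 "ss" is available.

# Constructed sample of `ss -H -uln` output, used for illustration and testing.
SAMPLE_SS='UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
UNCONN 0 0 [::]:631 [::]:*
UNCONN 0 0 192.168.1.10:6310 0.0.0.0:*
UNCONN 0 0 127.0.0.1:631 0.0.0.0:*'

# Read `ss -H -uln` lines on stdin (field 4 is Local Address:Port) and print
# every local address on port 631 that is bound to a wildcard address.
wildcard_631_listeners() {
    awk '{
        addr = $4
        port = addr; sub(/^.*:/, "", port)      # text after the last colon
        host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
        if (port == "631" && (host == "0.0.0.0" || host == "*" || host == "[::]"))
            print addr
    }'
}

# Check the live host. Returns 0 when nothing is found, 1 on any finding.
audit_host() {
    status=0
    if command -v systemctl >/dev/null 2>&1 &&
       systemctl is-active --quiet cups-browsed 2>/dev/null; then
        echo "FINDING: cups-browsed service is active"
        status=1
    fi
    if command -v ss >/dev/null 2>&1; then
        hits=$(ss -H -uln | wildcard_631_listeners)
        if [ -n "$hits" ]; then
            echo "FINDING: UDP port 631 is bound on all interfaces:"
            echo "$hits"
            status=1
        fi
    fi
    [ "$status" -eq 0 ] && echo "OK: no cups-browsed exposure found"
    return "$status"
}

# Run the live audit only when asked: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

A loopback-only listener such as 127.0.0.1:631 is not reported, since it is not reachable from the network; a clean result does not replace updating the CUPS packages.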

We recommend removing any CUPS-related binaries and services from your systems to mitigate these risks effectively.