OpenPrinting cups-browsed 2.0.1 CUPS Service binding to an unrestricted ip address

Summaryinfo

A vulnerability, which was classified as critical, has been found in OpenPrinting cups-browsed 2.0.1. Affected is an unknown function of the component CUPS Service. This manipulation causes binding to an unrestricted ip address. The identification of this vulnerability is CVE-2024-47176. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Detailsinfo

A vulnerability was found in OpenPrinting cups-browsed 2.0.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component CUPS Service. The manipulation with an unknown input leads to a binding to an unrestricted ip address vulnerability. The CWE definition for the vulnerability is CWE-1327. The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. Due to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled.

The advisory is shared at github.com. This vulnerability is known as CVE-2024-47176 since 09/20/2024. The exploitation appears to be difficult. The attack can be launched remotely. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. Technical details are unknown but a public exploit is available.

It is possible to download the exploit at packetstormsecurity.com. It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 207865 (RHEL OpenPrinting cups-filters (RHSB-2024:002)), which helps to determine the existence of the flaw in a target environment.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the databases at Tenable (207865) and CERT Bund (WID-SEC-2024-2240). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Affected

• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Fedora Linux
• Open Source CUPS
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• IGEL OS
• RESF Rocky Linux
• IBM App Connect Enterprise
• Dell PowerProtect Data Domain
• Dell PowerProtect Data Domain Management Center
• Dell PowerProtect Data Domain OS
• Dell NetWorker

Productinfo

Type

• Printing Software

Vendor

• OpenPrinting

Name

• cups-browsed

Version

• 2.0.1

Website

• Product: https://github.com/OpenPrinting/cups-browsed/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion