DIVD-2024-00038 - Remote Code Execution CUPS

Our reference DIVD-2024-00038
Case lead Dennis Kussendrager
Researcher(s)
CVE(s)
Products
  • CUPS
Versions
  • cups-browsed ≤ 2.0.1
  • libcupsfilters ≤ 2.1b1
  • libppd ≤ 2.1b1
  • cups-filters ≤ 2.0.
Recommendation Update to a non-vulnerable version
Patch status Patch available
Workaround Disable and remove the cups-browsed service if not needed. Block traffic to UDP port 631 and DNS-SD traffic if not necessary.
Status Open
Last modified 30 Oct 2024 20:59 CET

Summary

According to public research, four vulnerabilities (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177) affect various components of the open-source CUPS printing service common to Linux and UNIX systems. When attackers chain these vulnerabilities together, they can remotely run commands on a target web-facing device or on a device on a local network they can already access.

Recommendations

Mitigating risks associated with vulnerabilities requires a combination of proactive measures and real-time defenses. Here are some recommendations:

What we are doing

DIVD is currently working to identify parties that are running a vulnerable version of CUPS and to notify these parties. We do this by looking at the version numbers if possible.

Timeline

Date Description
17 Oct 2024 DIVD starts researching the vulnerability.
17 Oct 2024 DIVD finds fingerprint, preparing to scan.
17 Oct 2024 Case opened and starting first scan.
gantt title DIVD-2024-00038 - Remote Code Execution CUPS dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2024-00038 - Remote Code Execution CUPS (still open) :2024-10-17, 2024-11-28 section Events DIVD starts researching the vulnerability. : milestone, 2024-10-17, 0d DIVD finds fingerprint, preparing to scan. : milestone, 2024-10-17, 0d Case opened and starting first scan. : milestone, 2024-10-17, 0d

More information