DIVD-2024-00038 - Remote Code Execution CUPS
Our reference | DIVD-2024-00038 |
Case lead | Dennis Kussendrager |
Researcher(s) | |
CVE(s) | |
Products | |
Versions | |
Recommendation | Update to a non-vulnerable version |
Patch status | Patch available |
Workaround | Disable and remove the cups-browsed service if not needed. Block traffic to UDP port 631 and DNS-SD traffic if not necessary. |
Status | Closed |
Last modified | 23 Jan 2025 11:17 CET |
Summary
According to public research, four vulnerabilities (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177) affect various components of the open-source CUPS printing service common to Linux and UNIX systems. When attackers chain these vulnerabilities together, they can remotely run commands on a target web-facing device or on a device on a local network they can already access.
Recommendations
Mitigating the risk from these vulnerabilities requires a combination of proactive measures and real-time defenses. We recommend the following:
- Update the CUPS package.
- Disable and remove the cups-browsed service if not needed.
- Block traffic to UDP port 631 and DNS-SD traffic if not necessary.
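The following script is an added example, not part of the DIVD advisory, that checks a host against the workaround above: whether cups-browsed is running and whether anything listens on UDP port 631 on a non-loopback address. It assumes a systemd host whose unit is named `cups-browsed` and the `ss` tool from iproute2; the sample `ss` output is constructed.

```shell
#!/bin/sh
# Added example: checks a host against the workaround in this advisory.
# Assumption: the systemd unit is named "cups-browsed".

# Constructed sample of `ss -H -uln` output (not from a real host).
SAMPLE_SS='UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.1:631 0.0.0.0:*
UNCONN 0 0 [::1]:631 [::]:*
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
UNCONN 0 0 [::]:631 [::]:*'

# Read `ss -uln` lines on stdin; print each local socket bound to UDP
# port 631 on a non-loopback address (reachable from the network).
udp631_exposed() {
    awk '{
        addr = ""
        for (i = 1; i <= NF; i++)            # first addr:port field is local
            if ($i ~ /:[0-9]+$/) { addr = $i; break }
        if (addr !~ /:631$/) next
        host = substr(addr, 1, length(addr) - 4)   # drop ":631"
        if (host ~ /^127\./ || host == "[::1]") next
        print addr
    }'
}

# Audit the local machine: service state plus exposed listeners.
audit_host() {
    rc=0
    if command -v systemctl >/dev/null 2>&1 &&
       systemctl is-active --quiet cups-browsed; then
        echo "FINDING: cups-browsed is running"; rc=1
    fi
    if command -v ss >/dev/null 2>&1; then
        exposed=$(ss -H -uln | udp631_exposed)
        if [ -n "$exposed" ]; then
            echo "FINDING: UDP 631 listening on: $exposed"; rc=1
        fi
    fi
    [ "$rc" -eq 0 ] && echo "OK: no cups-browsed exposure found"
    return "$rc"
}

case "${1:-}" in
    --live) audit_host ;;
    *) printf '%s\n' "$SAMPLE_SS" | udp631_exposed ;;
esac
```

Run it with `--live` to audit the local host; without arguments it only parses the constructed sample. A running service can be stopped and disabled with `systemctl disable --now cups-browsed` before the package is removed.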
What we are doing
DIVD is currently working to identify parties that are running a vulnerable version of CUPS and to notify these parties. We do this by looking at the version numbers if possible.
Timeline
Date | Description |
---|---|
17 Oct 2024 | DIVD starts researching the vulnerability. |
17 Oct 2024 | DIVD finds fingerprint, preparing to scan. |
17 Oct 2024 | Case opened and starting first scan. |
23 Jan 2025 | We have not been able to find a way to fingerprint that aligns with our Code of Conduct. The available methods modify or alter data on the system. |
More information
- CVE-2024-47076
- CVE-2024-47176
- CVE-2024-47175
- CVE-2024-47177
- National Vulnerability Database for CVE-2024-47076