Security Alert: USN-7043-1 Critical Cups-Filters Vulnerabilities

Date: December 2023

Reporter: LinuxPatch Cybersecurity Team

Simone Margaritelli recently unveiled critical vulnerabilities within the cups-filters components, notably in the cups-browsed and libcupsfilters. These vulnerabilities, tracked as CVE-2024-47176 and CVE-2024-47076 respectively, pose serious risks to network security, potentially allowing remote attackers to execute arbitrary code.

Understanding the Vulnerabilities

CVE-2024-47176: The first vulnerability within the cups-browsed component of cups-filters involves its network printing functionality, particularly the auto-discovery of print services and shared printers. This component erroneously binds to INADDR_ANY:631, accepting packets from any source without adequate validation. This issue facilitates the introduction of a manipulated printer into the system network, establishing a vector for potential remote code execution when initiating a print job.

CVE-2024-47076: The second vulnerability concerns the libcupsfilters, specifically within the cfGetPrinterAttributes5 function. This function fails to sanitize IPP attribute data received from an IPP server. Consequently, when this data is used to generate a PPD file, it can result in manipulated data interfacing directly with the CUPS system, exposing it to arbitrary code execution risks when the printer is utilized.

Risk Assessment

The exposed vulnerabilities signal an alarm for IT security professionals and network administrators. Systems with the cups-browsed service active are particularly vulnerable to remote attacks, potentially across the public internet, thus exposing a vast network of interconnected systems to severe threats.

Preventive Measures and Security Recommendations

In response to these vulnerabilities, it's critical to disable support for legacy CUPS printer discovery protocols immediately, as indicated in the latest LinuxPatch security advisories. Additionally, system administrators are advised to:

  • Apply all relevant security patches promptly.
  • Monitor network traffic for unusual activities that could indicate attempts at exploiting these vulnerabilities.
  • Configure firewalls to restrict access to the *:631 ports to trusted sources only.
  • Regularly update all networked printers and connected devices with the latest firmware and security patches.

For the technical guide on mitigating these risks, including step-by-step instructions, please visit LinuxPatch.com.

Conclusion

The discovery of these vulnerabilities serves as a critical reminder of the importance of proactive cybersecurity measures. Organizations must remain vigilant and prepared to act swiftly upon the identification of potential cyber threats to ensure system integrity and network security.

Stay safe and informed,

The LinuxPatch Cybersecurity Team