-
Notifications
You must be signed in to change notification settings - Fork 47
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
60 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,61 @@ | ||
| --- | ||
| layout: case | ||
| title: "Remote Code Execution CUPS" | ||
| author: Dennis Kussendrager | ||
| lead: Dennis Kussendrager | ||
| excerpt: "A remote attacker can replace or install printers with malicious IPP URLs, leading to arbitrary command execution when a print job is started." | ||
| researchers: | ||
| - Olivier Beg | ||
| - Dennis Kussendrager | ||
| - Stan Plasmeijer | ||
| cves: | ||
| - CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177 | ||
| product: | ||
| - CUPS | ||
| versions: | ||
| - cups-browsed ≤ 2.0.1, libcupsfilters ≤ 2.1b1, libppd ≤ 2.1b1, cups-filters ≤ 2.0. | ||
| recommendation: "Update to a non-vulnerable version" | ||
| workaround: "Disable and remove the cups-browsed service if not needed. Block traffic to UDP port 631 and DNS-SD traffic if not necessary." | ||
| patch_status: Patch available | ||
| status : Open | ||
| start: 2024-10-17 | ||
| timeline: | ||
| - start: 2024-10-17 | ||
| end: | ||
| event: "DIVD starts researching the vulnerability." | ||
| - start: 2024-10-17 | ||
| end: | ||
| event: "DIVD finds fingerprint, preparing to scan." | ||
| - start: 2024-10-17 | ||
| end: | ||
| event: "Case opened and starting first scan." | ||
|
|
||
|
|
||
| --- | ||
|
|
||
| ## Summary | ||
| According to public research, four vulnerabilities (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177) affect various components of the open-source CUPS printing service common to Linux and UNIX systems. When attackers chain these vulnerabilities together, they can remotely run commands on a target web-facing device or on a device on a local network they can already access. | ||
|
|
||
| ## Recommendations | ||
| Mitigating risks associated with vulnerabilities requires a combination of proactive measures and real-time defenses. Here are some recommendations: | ||
|
|
||
| - Update the CUPS package. | ||
| - Disable and remove the cups-browsed service if not needed. | ||
| - Block traffic to UDP port 631 and DNS-SD traffic if not necessary. | ||
|
|
||
| ## What we are doing | ||
| DIVD is currently working to identify parties that are running a vulnerable version of CUPS and to notify these parties. We do this by looking at the version numbers if possible. | ||
|
|
||
| {% include timeline.html %} | ||
|
|
||
| ## More information | ||
|
|
||
| * {% cve CVE-2024-47076 %} | ||
| * {% cve CVE-2024-47176 %} | ||
| * {% cve CVE-2024-47175 %} | ||
| * {% cve CVE-2024-47177 %} | ||
| * [National Vulnerability Database for CVE-2024-47076](https://nvd.nist.gov/vuln/detail/CVE-2024-47076) | ||
| * [National Vulnerability Database for CVE-2024-47076](https://nvd.nist.gov/vuln/detail/CVE-2024-47176) | ||
| * [National Vulnerability Database for CVE-2024-47076](https://nvd.nist.gov/vuln/detail/CVE-2024-47175) | ||
| * [National Vulnerability Database for CVE-2024-47076](https://nvd.nist.gov/vuln/detail/CVE-2024-47177) | ||
|
|