This Metasploit module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer. Successful exploitation requires user interaction, but no CUPS services need to be reachable via accessible ports. Code execution occurs in the context of the lp user. Affected versions are cups-browsed less than or equal to 2.0.1, libcupsfilters versions 2.1b1 and below, libppd versions 2.1b1 and below, and cups-filters versions 2.0.1 and below.
16431cc7dbb038947f886cccbda9ff1e8abb4ffdc1cbb4066839871766422f13Ubuntu Security Notice 7043-4 - USN-7043-1 fixed vulnerabilities in cups-filters. This update improves the fix for CVE-2024-47176 by removing support for the legacy CUPS printer discovery protocol entirely. Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol. Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.
d6735cd226521138a1caa83e35e3599310090e11b787a19fe17009e31c3e555aRed Hat Security Advisory 2024-7623-03 - An update for cups-filters is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.
eef5e7ad4f1734fa54fbbf5e87d073152f177a0553bb0f5d43f8443b7308b132Red Hat Security Advisory 2024-7553-03 - An update for cups-filters is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
810596e9a6ada726a3aa096028b71a16d840972c4b1af5cad353ea237a142505Red Hat Security Advisory 2024-7551-03 - An update for cups-filters is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a code execution vulnerability.
caa21a11318c9fdfa7115513a1c187983c6a96c0cab9f514778ae4fd4fee1573Red Hat Security Advisory 2024-7506-03 - An update for cups-filters is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.
99e183eddd8a502947836d6c3904874751f80ec4105d064b3122e8ec442858baRed Hat Security Advisory 2024-7504-03 - An update for cups-filters is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.
c4540c057acce0b37af017ef60757b9d65058f2c707271c1595d8f39b99c77b3Red Hat Security Advisory 2024-7503-03 - An update for cups-filters is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
c50952243694f7034203797e27563abce3bbdc9d7c1e4785015a1e57e757be0bRed Hat Security Advisory 2024-7463-03 - An update for cups-filters is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
7cb2bda6be2b69360ea38f43d816094c4723615382f2c83511fef1f0049f9387Red Hat Security Advisory 2024-7462-03 - An update for cups-filters is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a code execution vulnerability.
01aefe4627c76a58923bd2889ce090352c51892309bcc74fce7f079bb72e46e4Red Hat Security Advisory 2024-7461-03 - An update for cups-filters is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.
c09ae3a1d475726f08779ff5aec924bd90d3fc9eac24ceaef5adf2a3579f6ed9Debian Linux Security Advisory 5778-1 - Simone Margaritelli reported several vulnerabilities in cups-filters. Missing validation of IPP attributes returned from an IPP server and multiple bugs in the cups-browsed component can result in the execution of arbitrary commands without authentication when a print job is started.
5a1f56f676d00911fffdf604e18b71c26411856c8f03de47176c8199b8debba9Red Hat Security Advisory 2024-7346-03 - An update for cups-filters is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
a6dfaba2b16f01e438380fea6cbfe9684f3819cb46bf2869bd28317290da624dUbuntu Security Notice 7044-1 - Simone Margaritelli discovered that libcupsfilters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.
d4563f3697d6676917894763df709e3f207c74657933f144dfdf4c80edeb0d33Ubuntu Security Notice 7043-1 - Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol. Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.
6be885c667c90d4d917930789e9acf48c114374ee951a31c9a59128bb6d62679
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed