CVE-2024-47175

Sep 28, 2024

Published Date: 2024-09-26T22:15:04.283
Last Modified: 2024-09-26T22:15:04.283

CVSS Score: 8.6 (HIGH)

EPSS Score: 0.04%

Risk Score: 6.02 (HIGH)

Risk Score based on CVSS score and EPSS. This score is for reference purposes and is not internationally recognized.


Description: CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, this can result in user-controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

MITRE ATT&CK Techniques v15.1

T1153 – Source
T1053.002 – At

Technical Analysis & Mitigation Measures

1. Technical Attack Analysis:
– Attack Techniques:
  – T1153 – Source: This technique involves exploiting weaknesses in the source code of applications, which in this case refers to the `libppd` library within CUPS. The vulnerability arises from failing to sanitize user-controlled input, allowing an attacker to craft malicious PPD files that could be processed by the CUPS system.
  – T1053.002 – Scheduled Task/Job: This technique indicates the potential for the attacker to schedule malicious jobs that execute the crafted PPD files, leading to arbitrary code execution on the target system.

– Possible Outcomes of Exploitation:
  – Successful exploitation may lead to remote code execution (RCE) on the affected system, allowing attackers to take full control over the device running the CUPS service.
  – Attackers can deploy further malware, create backdoors, or pivot to other systems within the network, escalating the impact of the attack.
  – Compromise of sensitive information if the CUPS server manages print jobs containing confidential data.
  – Disruption of printing services, leading to operational impacts for organizations relying on CUPS for their printing infrastructure.

2. Mitigation Measures:
– Implement input validation and sanitization on all user-controlled inputs, especially in the `libppd` functions.
– Update CUPS and related libraries to the latest version that addresses the vulnerability.
– Configure CUPS to run with the least privilege necessary to limit potential damage from exploitation.
– Restrict access to CUPS services to trusted networks and users only.
– Monitor CUPS logs for unusual activity or patterns that may indicate an attempted exploitation.
– Use firewalls and intrusion detection systems (IDS) to detect and block suspicious traffic targeting CUPS services.
– Disable any unnecessary printing features or services that are not in use.
– Regularly conduct vulnerability assessments and penetration testing to identify potential weaknesses in the printing infrastructure.

The content above is generated by AI. Please review and consider carefully before applying!

Vendor - Product - Version

None

Disclaimer

The content on this website is automatically sourced from external websites such as the National Vulnerability Database (NVD), GitHub, and other security-related sources. This content is for reference purposes only, and we are not responsible for the accuracy or integrity of the information linked or displayed from these sources.