CVE-2024-47176

CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. cups-browsed binds to INADDR_ANY:631, causing it to trust any packet from any source, and can cause the Get-Printer-Attributes IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.

Weakness

The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.

Affected Software

Extended Description

When a server binds to the address 0.0.0.0, it allows connections from every IP address on the local machine, effectively exposing the server to every possible network. This might be much broader access than intended by the developer or administrator, who might only be expecting the server to be reachable from a single interface/network.

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/1.html

References

• https://github.com/OpenPrinting/cups-browsed/blob/master/daemon/cups-browsed.c#L13992
• https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
• https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
• https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
• https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
• https://www.cups.org
• https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
• http://www.openwall.com/lists/oss-security/2024/09/27/6
• https://github.com/OpenPrinting/cups-browsed/commit/1debe6b140c37e0aa928559add4abcc95ce54aa2