CVE-2024-47175

CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
https://www.cups.org
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I

Configurations

No configuration.

History

30 Sep 2024, 12:46

Type	Values Removed	Values Added
Summary		(es) CUPS es un sistema de impresión de código abierto basado en estándares, y `libppd` se puede utilizar para la compatibilidad con archivos PPD heredados. La función `libppd` `ppdCreatePPDFromIPP2` no desinfecta los atributos IPP al crear el búfer PPD. Cuando se utiliza en combinación con otras funciones como `cfGetPrinterAttributes5`, puede dar lugar a una entrada controlada por el usuario y, en última instancia, a la ejecución de código a través de Foomatic. Esta vulnerabilidad puede ser parte de una cadena de explotación que conduce a la ejecución remota de código (RCE), como se describe en CVE-2024-47176.

26 Sep 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-26 22:15

Updated : 2024-09-30 12:46

NVD link : CVE-2024-47175

Mitre link : CVE-2024-47175

CVE.ORG link : CVE-2024-47175

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2024-47175", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2024-09-26T22:15:04.283", "references": [{"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8", "source": "security-advisories@github.com"}, {"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47", "source": "security-advisories@github.com"}, {"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5", "source": "security-advisories@github.com"}, {"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6", "source": "security-advisories@github.com"}, {"url": "https://www.cups.org", "source": "security-advisories@github.com"}, {"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176."}, {"lang": "es", "value": "CUPS es un sistema de impresi\u00f3n de c\u00f3digo abierto basado en est\u00e1ndares, y `libppd` se puede utilizar para la compatibilidad con archivos PPD heredados. La funci\u00f3n `libppd` `ppdCreatePPDFromIPP2` no desinfecta los atributos IPP al crear el b\u00fafer PPD. Cuando se utiliza en combinaci\u00f3n con otras funciones como `cfGetPrinterAttributes5`, puede dar lugar a una entrada controlada por el usuario y, en \u00faltima instancia, a la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de Foomatic. Esta vulnerabilidad puede ser parte de una cadena de explotaci\u00f3n que conduce a la ejecuci\u00f3n remota de c\u00f3digo (RCE), como se describe en CVE-2024-47176."}], "lastModified": "2024-09-30T12:46:20.237", "sourceIdentifier": "security-advisories@github.com"}