SUSE Support

Security Vulnerability: remote code execution via cups-browsed (CVE-2024-47177, CVE-2024-47175, CVE-2024-47176, CVE-2024-47076)

This document (000021571) is provided subject to the disclaimer at the end of this document.

Environment

For a comprehensive list of affected products, please review the SUSE security announcements:

https://www.suse.com/security/cve/CVE-2024-47076.html
https://www.suse.com/security/cve/CVE-2024-47175.html
https://www.suse.com/security/cve/CVE-2024-47176.html
https://www.suse.com/security/cve/CVE-2024-47177.html

SUSE Liberty Linux 7
SUSE Liberty Linux 8
SUSE Liberty Linux 9


Situation

The security researcher "evilsocket" has disclosed a chain of security vulnerabilities in CUPS and related tools.

If the cups-browsed service is enabled and its listening port, UDP 631, is not blocked by the firewall, cups-browsed accepts CUPS requests from the network. These requests can inject printer metadata into the print system. The CUPS stack did not filter out metacharacters, so the injected printer data could be used for a shell command injection attack.

Note that this vulnerability is unlikely to work across network gateway boundaries or in NATed setups.

SUSE does not enable the cups-browsed.service by default.

Resolution

Possible Workarounds:

1.) Block port 631 UDP in the firewall if it is not already blocked.

2.) Disable cups-browsed.service if it is running. Use

    systemctl status cups-browsed.service

to verify the status, then stop and disable it:

    systemctl stop cups-browsed.service
    systemctl disable cups-browsed.service

3.) cups-browsed is part of the cups-filters RPM. If it is not required, an option is to remove the package:

    zypper rm cups-filters
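The three workarounds above turned into a host audit script (an added example, not SUSE tooling). Each check function takes the text output of the command it would normally read (ss -uln, firewall-cmd --list-ports / --list-services, systemctl is-active / is-enabled), so the logic can be exercised offline on the constructed sample; run as "sh cups_browsed_audit.sh audit" it executes the real commands on the host. The script name and the constructed sample output are assumptions.

```shell
#!/bin/sh
# Added audit helper for this advisory (example code, not SUSE tooling). Reports
# whether cups-browsed is stopped/disabled, whether UDP 631 is bound or allowed
# through firewalld, and whether the cups-filters package is still installed.

# Does `ss -uln` output show a UDP socket bound to port 631 on any address?
# Column 4 is Local Address:Port, e.g. 0.0.0.0:631 or [::]:631.
udp631_listening() {
    printf '%s\n' "$1" | awk '$1 == "UNCONN" { n = split($4, a, ":"); if (a[n] == "631") hit = 1 }
                              END { exit !hit }'
}

# Does firewalld's default zone allow 631/udp, either as a raw port entry
# (`firewall-cmd --list-ports`) or via the predefined ipp-client service, which
# opens 631/udp (`firewall-cmd --list-services`)?
udp631_open_in_firewalld() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -qx '631/udp' && return 0
    printf '%s\n' "$2" | tr ' ' '\n' | grep -qx 'ipp-client'
}

# Summarise `systemctl is-active` ($1) and `systemctl is-enabled` ($2) output.
cups_browsed_state() {
    if [ "$1" = "active" ]; then echo running
    elif [ "$2" = "enabled" ]; then echo stopped-but-enabled
    else echo inactive
    fi
}

# Constructed sample of `ss -uln` output: cups-browsed bound on IPv4 and IPv6.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0            0.0.0.0:631       0.0.0.0:*
UNCONN 0      0               [::]:631          [::]:*
UNCONN 0      0          127.0.0.1:323       0.0.0.0:*'

# Live audit against this host (run as root so firewall-cmd and rpm can answer).
audit_host() {
    active=$(systemctl is-active cups-browsed.service 2>/dev/null || true)
    enabled=$(systemctl is-enabled cups-browsed.service 2>/dev/null || true)
    echo "cups-browsed.service: $(cups_browsed_state "$active" "$enabled")"
    if udp631_listening "$(ss -uln)"; then echo "UDP 631: bound"; else echo "UDP 631: not bound"; fi
    if command -v firewall-cmd >/dev/null 2>&1 &&
       udp631_open_in_firewalld "$(firewall-cmd --list-ports)" "$(firewall-cmd --list-services)"; then
        echo "firewalld: 631/udp allowed in the default zone"
    fi
    if rpm -q cups-filters >/dev/null 2>&1; then echo "cups-filters: installed"; fi
}

if [ "${1:-}" = "audit" ]; then audit_host; fi
```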

Status

Security Alert

Additional Information

For general CUPS and SANE firewall settings, please see:
https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 000021571
  • Creation Date: 27-Sep-2024
  • Modified Date: 27-Sep-2024
  • SUSE Linux Enterprise Desktop
  • SUSE Linux Enterprise Server
  • SUSE Linux Enterprise Server for SAP Applications
  • SUSE Manager Server
  • SUSE Linux Enterprise Micro
