CUPS Printing Daemon RCE Security Issue

CUPS Printing Daemon Security Issue

A fairly severe remote-code execution (RCE) issue was discovered in the CUPS printing daemon. CUPS is distributed and enabled by default on my Linux systems. This vulnerability enables a malicious party with access to your CUPS server to execute arbitrary code as soon as a print job is started.

💡

Mitigation: Make sure cups-browsed is disabled and/or UDP port 631 is closed on your firewall and keep your system up to date.

In no case should port 631 be exposed to the internet.

The service can be stopped and permanently disabled with the following commands:

sudo systemctl stop cups-browsed
sudo systemctl disable cups-browsed

Ubuntu already issued security updates for their packages:

Ubuntu “Noble” 24.04 LTS: 2.0.0-0ubuntu10.1 Ubuntu “Jammy” 22.04 LTS: 1.28.15-0ubuntu1.3

CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177 have been assigned around these CUPS issues

Red Hat also has a blog post on the issue:

Red Hat’s response to OpenPrinting CUPS vulnerabilities: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177

An overview and mitigation information for the vulnerabilities affecting OpenPrinting CUPS.

www.redhat.com

Red Hat’s response to OpenPrinting CUPS vulnerabilities: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177

We’re happy to check if you’re affected.