Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-24805

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.

Published

2023-05-17T18:15:09.177

Last Modified

2024-11-21T07:48:25.890

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-78
Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	linuxfoundation	cups-filters	< 2.0	Yes
Application	linuxfoundation	cups-filters	2.0	Yes
Application	linuxfoundation	cups-filters	2.0	Yes
Application	linuxfoundation	cups-filters	2.0	Yes
Application	linuxfoundation	cups-filters	2.0	Yes
Operating System	fedoraproject	fedora	37	Yes
Operating System	fedoraproject	fedora	38	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	debian	debian_linux	11.0	Yes

References

https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65 Patch ([email protected])
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x Exploit, Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/ Mailing List, Release Notes ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/ Mailing List, Release Notes ([email protected])
https://security.gentoo.org/glsa/202401-06 ([email protected])
https://www.debian.org/security/2023/dsa-5407 Third Party Advisory ([email protected])
https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/ Mailing List, Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/ Mailing List, Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202401-06 (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5407 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)