CVE-2024-47076: Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products (Severity: NONE)
CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. The cfGetPrinterAttributes5 function in libcupsfilters does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
Other sources
If an attacker is able to exploit an exposed IPP server to respond with a valid response to be added to the system, and if discovered via mDNS, an existing printer can be directly hijacked (its IPP url replaced with a malicious one) making it indistinguishable from the original one. The cfGetPrinterAttributes API does not perform any sanitization on any of the IPP attributes returned by the server. Attributes that are then saved, as they are, in a temporary PPD file via ppdCreatePPDFromIPP2. ppdCreatePPDFromIPP2 doesn't perform any sanitization itself and in fact it just writes to the file any attributes contents. This allows an attacker to return a malicious IPP attribute in the form of printer-privacy-policy-uri (which is just one of the several attributes that can be used, the RCE was also confirmed with printer-info, printer-name and printer-make-and-model).
— Red Hat
OpenPrinting ibcupsfilters could allow a remote attacker to bypass security restrictions, caused by the failure to validate or sanitize the IPP attributes returned from an IPP server by the libcupsfilters component. By replacing the valid IPP URL with a malicious one, an attacker could exploit this vulnerability to add a malicious printer or directly hijack an existing printer.
— IBM
The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176 in the Common UNIX Printing System (CUPS) as they relate to our products.
Based on current information, Palo Alto Networks products and cloud services do not contain affected CUPS-related software packages and are not impacted by these issues.
— Palo Alto Networks
This CVE was automatically created from a reference found in an email or other text. If you are reading this, then this CVE entry is probably erroneous, since this text should be replaced by the official CVE description automatically.
— Launchpad
Affected Software
Remediation
Mitigation
Information
Event History
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
Frequently Asked Questions
What is the severity of CVE-2024-47076?
CVE-2024-47076 is classified as a high severity vulnerability that can lead to remote code execution.
How do I fix CVE-2024-47076?
To remediate CVE-2024-47076, update the affected packages to their latest versions, specifically cups-filters versions 1.28.7-1+deb11u3 or 1.28.17-5.
Which systems are impacted by CVE-2024-47076?
CVE-2024-47076 affects systems that utilize the cups-filters package in Debian-based distributions.
Where can I find more details on CVE-2024-47076?
For detailed information about CVE-2024-47076, refer to security advisories from relevant vendors and organizations.
What happens if I do not patch CVE-2024-47076?
Failing to patch CVE-2024-47076 can expose your system to potential remote code execution attacks and compromise security.