CVE-2023-24805
published 2023-05-17CVE-2023-24805: cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use…
PriorityP261high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
3.70%
88.3th percentile
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cups-filters | < cups-filters 1.28.17-3 (bookworm) | cups-filters 1.28.17-3 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| linuxfoundation | cups-filters | < 2.0 | 2.0 |
| linuxfoundation | cups-filters | — | — |
| linuxfoundation | cups-filters | >= 0 < 1.28.7-1+deb11u2 | 1.28.7-1+deb11u2 |
| linuxfoundation | cups-filters | >= 0 < 1.28.17-3 | 1.28.17-3 |
| linuxfoundation | cups-filters | >= 0 < 1.28.17-3 | 1.28.17-3 |
| linuxfoundation | cups-filters | >= 0 < 1.28.17-3 | 1.28.17-3 |
| openprinting | cups-filters | <= 2.0rc1 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unsanitized user-controlled input being passed to system() via the beh (Backend Error Handler) CUPS backend, which can allow injection of arbitrary OS commands executed in the context of the print server process. ↗
- →Alert on specially crafted network traffic targeting the CUPS beh backend that causes the backend to stop responding or execute arbitrary code. ↗
- →The fix is in commit 8f2740357; compare running cups-filters binaries/source against this commit to identify unpatched instances. ↗
- ·The vulnerability is only exploitable if the beh (Backend Error Handler) backend is used to create an accessible (network-exposed) printer. Installations not using beh or not exposing the print server to the network are not at risk. ↗
- ·Red Hat Enterprise Linux 7 is listed as Not Affected for this CVE. ↗
- ·Debian scopes this as 'local' despite the upstream advisory describing network-based exploitation; verify exposure model for your environment. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
cups-filters vulnerability
vendor_ubuntu·2023-06-19
CVE-2023-24805 cups-filters vulnerability
Title: cups-filters vulnerability
Summary: cups-filters could be made to crash or run programs if it received
specially crafted network traffic.
USN-6083-1 fixed a vulnerability in cups-filters. This update provides
the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that cups-filters incorrectly handled the beh CUPS
backend. A remote attacker could possibly use this issue to cause the
backend to stop responding or to execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
cups-filters: remote code execution in cups-filters, beh CUPS backend
vendor_redhat·2023-05-17·CVSS 8.8
CVE-2023-24805 [HIGH] CWE-94 cups-filters: remote code execution in cups-filters, beh CUPS backend
cups-filters: remote code execution in cups-filters, beh CUPS backend
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expect
Ubuntu
cups-filters vulnerability
vendor_ubuntu·2023-05-17
CVE-2023-24805 cups-filters vulnerability
Title: cups-filters vulnerability
Summary: cups-filters could be made to crash or run programs if it received
specially crafted network traffic.
It was discovered that cups-filters incorrectly handled the beh CUPS
backend. A remote attacker could possibly use this issue to cause the
backend to stop responding or to execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2023-24805: cups-filters - cups-filters contains backends, filters, and other software required to get the ...
vendor_debian·2023·CVSS 8.8
CVE-2023-24805 [HIGH] CVE-2023-24805: cups-filters - cups-filters contains backends, filters, and other software required to get the ...
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when
OSV
CVE-2023-24805: cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos
osv·2023-05-17·CVSS 8.8
CVE-2023-24805 [HIGH] CVE-2023-24805: cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3xhttps://lists.debian.org/debian-lts-announce/2023/05/msg00021.htmlhttps://lists.fedoraproject.org/archives/list/[email protected]/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/https://lists.fedoraproject.org/archives/list/[email protected]/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/https://security.gentoo.org/glsa/202401-06https://www.debian.org/security/2023/dsa-5407https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3xhttps://lists.debian.org/debian-lts-announce/2023/05/msg00021.htmlhttps://lists.fedoraproject.org/archives/list/[email protected]/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/https://lists.fedoraproject.org/archives/list/[email protected]/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/https://security.gentoo.org/glsa/202401-06https://www.debian.org/security/2023/dsa-5407
2023-05-17
Published