{
  "threat_severity" : "Important",
  "public_date" : "2024-09-26T20:00:00Z",
  "bugzilla" : {
    "description" : "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
    "id" : "2314252",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-940",
  "details" : [ "CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause a `Get-Printer-Attributes` IPP request to be sent to an attacker-controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.", "A security issue has been identified in OpenPrinting CUPS.\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer's capabilities (such as supported media sizes, resolutions, color modes, etc.).\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements through Avahi.\nIn both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS URL is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it, which can leak potentially sensitive system information to an attacker via the User-Agent header." ],
  "statement" : "The cups-browsed service is disabled by default on all versions of RHEL.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7.7 Advanced Update Support",
    "release_date" : "2024-10-02T00:00:00Z",
    "advisory" : "RHSA-2024:7551",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.7",
    "package" : "cups-filters-0:1.0.35-26.el7_7.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2024-10-02T00:00:00Z",
    "advisory" : "RHSA-2024:7553",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "cups-filters-0:1.0.35-29.el7_9.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-10-01T00:00:00Z",
    "advisory" : "RHSA-2024:7463",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "cups-filters-0:1.20.0-35.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2024-10-01T00:00:00Z",
    "advisory" : "RHSA-2024:7461",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.2",
    "package" : "cups-filters-0:1.20.0-19.el8_2.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2024-10-02T00:00:00Z",
    "advisory" : "RHSA-2024:7504",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4",
    "package" : "cups-filters-0:1.20.0-24.el8_4.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "release_date" : "2024-10-02T00:00:00Z",
    "advisory" : "RHSA-2024:7504",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.4",
    "package" : "cups-filters-0:1.20.0-24.el8_4.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "release_date" : "2024-10-02T00:00:00Z",
    "advisory" : "RHSA-2024:7504",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.4",
    "package" : "cups-filters-0:1.20.0-24.el8_4.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2024-10-03T00:00:00Z",
    "advisory" : "RHSA-2024:7623",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.6",
    "package" : "cups-filters-0:1.20.0-27.el8_6.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2024-10-03T00:00:00Z",
    "advisory" : "RHSA-2024:7623",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.6",
    "package" : "cups-filters-0:1.20.0-27.el8_6.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2024-10-03T00:00:00Z",
    "advisory" : "RHSA-2024:7623",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.6",
    "package" : "cups-filters-0:1.20.0-27.el8_6.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "release_date" : "2024-10-01T00:00:00Z",
    "advisory" : "RHSA-2024:7462",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.8",
    "package" : "cups-filters-0:1.20.0-29.el8_8.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-09-27T00:00:00Z",
    "advisory" : "RHSA-2024:7346",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "cups-filters-0:1.28.7-17.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2024-10-02T00:00:00Z",
    "advisory" : "RHSA-2024:7506",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "cups-filters-0:1.28.7-10.el9_0.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-10-02T00:00:00Z",
    "advisory" : "RHSA-2024:7503",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2",
    "package" : "cups-filters-0:1.28.7-11.el9_2.2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "cups-browsed",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-47176\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47176\nhttps://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8\nhttps://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/" ],
  "csaw" : true,
  "name" : "CVE-2024-47176",
  "mitigation" : {
    "value" : "See the security bulletin for a detailed mitigation procedure.",
    "lang" : "en:us"
  }
}