Описание
CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. The cfGetPrinterAttributes5 function in libcupsfilters does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.
Меры по смягчению последствий
See the security bulletin for a detailed mitigation procedure.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | cups-filters | Not affected | ||
| Red Hat Enterprise Linux 10 | libcupsfilters | Not affected | ||
| Red Hat Enterprise Linux 7.7 Advanced Update Support | cups-filters | Fixed | RHSA-2024:7551 | 02.10.2024 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | cups-filters | Fixed | RHSA-2024:7553 | 02.10.2024 |
| Red Hat Enterprise Linux 8 | cups-filters | Fixed | RHSA-2024:7463 | 01.10.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | cups-filters | Fixed | RHSA-2024:7461 | 01.10.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | cups-filters | Fixed | RHSA-2024:7504 | 02.10.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | cups-filters | Fixed | RHSA-2024:7504 | 02.10.2024 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | cups-filters | Fixed | RHSA-2024:7504 | 02.10.2024 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | cups-filters | Fixed | RHSA-2024:7623 | 03.10.2024 |
Показывать по
Дополнительная информация
Статус:
8.2 High
CVSS3
Связанные уязвимости
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
CUPS is a standards-based, open-source printing system, and `libcupsfi ...
Уязвимость функции cfGetPrinterAttributes5 библиотеки libcupsfilters сервера печати CUPS, позволяющая нарушителю раскрыть защищаемую информацию
8.2 High
CVSS3