Описание
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are automatically deleted. cupsdDeleteTemporaryPrinters() in scheduler/printers.c calls cupsdDeletePrinter() without first expiring subscriptions that reference the printer, leaving cupsd_subscription_t.dest as a dangling pointer to freed heap memory. The dangling pointer is subsequently dereferenced at multiple code sites, causing a crash (denial of service) of the cupsd daemon. With heap grooming, this can be leveraged for code execution.
A flaw was found in CUPS, an open-source printing system. This vulnerability, known as a use-after-free, occurs in the CUPS scheduler when temporary printers are automatically removed. The system fails to properly manage memory, leaving a pointer to a freed memory location. An attacker could exploit this to cause the CUPS daemon to crash, leading to a denial of service. In more severe scenarios, this could potentially allow an attacker to execute arbitrary code.
Отчет
This Moderate impact vulnerability in CUPS arises from a use-after-free flaw within the scheduler when temporary printers are automatically deleted. Exploitation could lead to a denial of service of the CUPS daemon, and potentially arbitrary code execution. This affects Red Hat systems running CUPS where temporary printers are configured or utilized.
Меры по смягчению последствий
To mitigate this issue, restrict network access to the CUPS daemon to only trusted hosts or localhost. This can be achieved by configuring firewall rules to block access to TCP port 631 from untrusted networks. For example, using firewalld:
sudo firewall-cmd --permanent --zone=public --remove-port=631/tcp
sudo firewall-cmd --reload
Alternatively, configure CUPS to only listen on localhost by modifying the Listen directive in /etc/cups/cupsd.conf to Listen localhost:631. After modifying the configuration, the CUPS service must be restarted for changes to take effect, which may temporarily interrupt printing services:
sudo systemctl restart cups
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | cups | Fix deferred | ||
| Red Hat Enterprise Linux 6 | cups | Out of support scope | ||
| Red Hat Enterprise Linux 7 | cups | Fix deferred | ||
| Red Hat Enterprise Linux 8 | cups | Fix deferred | ||
| Red Hat Enterprise Linux 9 | cups | Fix deferred | ||
| Red Hat Hardened Images | cups | Affected | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS3
Связанные уязвимости
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are automatically deleted. cupsdDeleteTemporaryPrinters() in scheduler/printers.c calls cupsdDeletePrinter() without first expiring subscriptions that reference the printer, leaving cupsd_subscription_t.dest as a dangling pointer to freed heap memory. The dangling pointer is subsequently dereferenced at multiple code sites, causing a crash (denial of service) of the cupsd daemon. With heap grooming, this can be leveraged for code execution.
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are automatically deleted. cupsdDeleteTemporaryPrinters() in scheduler/printers.c calls cupsdDeletePrinter() without first expiring subscriptions that reference the printer, leaving cupsd_subscription_t.dest as a dangling pointer to freed heap memory. The dangling pointer is subsequently dereferenced at multiple code sites, causing a crash (denial of service) of the cupsd daemon. With heap grooming, this can be leveraged for code execution.
CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer
OpenPrinting CUPS is an open source printing system for Linux and othe ...
EPSS
4 Medium
CVSS3