Frequently asked questions about multiple vulnerabilities in the Common UNIX Printing System (CUPS) that were disclosed as zero-days on September 26.
Background
The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a series of vulnerabilities in the Common UNIX Printing System (CUPS). We will update this blog as more information becomes available.
FAQ
What is CUPS?
Common UNIX Printing System (CUPS) is an open-source printing system for Linux and other UNIX-like operating systems. CUPS uses the IPP (Internet Printing Protocol) to allow for printing with local and network printers.
What are the vulnerabilities associated with the recent CUPS disclosure?
As of September 26, the following four CVE identifiers were assigned for vulnerabilities related to CUPS:
| CVE | Description | Affected Component | CVSSv3* |
|---|---|---|---|
| CVE-2024-47076 | libscupsfilters Improper Input Validation or Sanitization Vulnerability | libcupsfilters | 8.6 |
| CVE-2024-47175 | libppd Improper Input Validation or Sanitization Vulnerability | libppd | 8.6 |
| CVE-2024-47176 | cups-browsed Binding to an Unrestricted IP Address Vulnerability | cups-browsed | 8.4 |
| CVE-2024-47177 | cups-filters Command Injection Vulnerability | cups-filters | 9.1 |
*These CVSSv3 scores are current as of September 26..
What are CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177?
CVE-2024-47076 is a flaw in the libcupsfilters l
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: