Security vulnerability discovered in cups-browsed

CUPS is an open-source, standards-based printing system, and cups-browsed provides network printing features including automatic discovery of print services and shared printers.

CUPS vulnerabilities allow remote code execution on Linux. They were discovered by Simone Margaritelli. This bug is reported under CVE-2024-47176.

cups-browsed binds to INADDR_ANY:631 and so trusts packets from any source, which can lead to malicious IPP requests targeting an attacker-controlled URL. By exploiting multiple bugs in cups-browsed, an attacker can introduce a rogue printer and remotely execute arbitrary commands without authentication when a print job is initiated. This poses a serious security risk over the network, especially from the public internet.

So far, there is no patch for it. It is highly recommended to disable cups-browsed as follows:

sudo systemctl stop cups-browsed
sudo systemctl disable cups-browsed

Then verify that the service is stopped and disabled:

sudo systemctl status cups-browsed
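
A scripted version of the verification step, added here as an example and not part of the original post: it confirms the service is neither active nor enabled and that nothing is bound to the wildcard address on UDP port 631 (cups-browsed's listener is a UDP socket, a detail the post does not state). The function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the cups-browsed mitigation described above.

# Constructed sample of `ss -H -uln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
UNCONN 0 0 [::1]:631 [::]:*
EOF
}

# Read `ss` listener lines on stdin; print every local address bound to the
# wildcard address (IPv4 or IPv6) on port 631. Loopback binds are ignored.
wildcard_631_listeners() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i !~ /:631$/) continue
            host = substr($i, 1, length($i) - 4)   # strip the ":631" suffix
            if (host == "0.0.0.0" || host == "*" || host == "[::]") print $i
            next                                   # local address handled
        }
    }'
}

# Live check: needs systemd and iproute2's ss on the host being checked.
live_check() {
    status=0
    for state in is-active is-enabled; do
        if systemctl --quiet "$state" cups-browsed 2>/dev/null; then
            echo "FAIL: 'systemctl $state cups-browsed' still succeeds"
            status=1
        fi
    done
    found=$(ss -H -uln | wildcard_631_listeners)
    if [ -n "$found" ]; then
        echo "FAIL: wildcard UDP listener on port 631: $found"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: cups-browsed is stopped, disabled and not listening"
    return "$status"
}

# Run the live check only when asked, e.g. `sh check.sh --live`.
if [ "${1:-}" = "--live" ]; then live_check; fi
```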
Posted by admin
2024-09-28 05:14