From nobody Fri Sep 27 15:46:37 2024 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XFZZj3xG1z5Y88r; Fri, 27 Sep 2024 15:46:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XFZZj3Q6Yz42BH; Fri, 27 Sep 2024 15:46:37 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1727451997; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=S5+Ni7TKrIQTRLmQEwMdHeOgjIhvXX5wM/oKVzB+RPQ=; b=Tf+NB1xJsFE7/T3/pLO2yCrskfEr/vr5MmNADs636PRukTcoJbXNTdos47nBscmNPCnsMq Dzxxu1wLdwJpGMB/HjzC7FS1T6yPTqvaKlHhYj/fQ8N0YSBRz0nUoz/Sa/CbF4h3XTXyy8 2fAhBzc9oWBcTRxfQKQBri+v441Qj7iUhSnqA/6h8ockZwIVMFlP6pVnVeAcGKQpk2ELdW UPZ+jodPOTwMfrpYRNxQ3uKYj2eCFCj/11B7e2q3iUjCQnVQIbOeIO8RsZbd8R9/ajShDD TGUHUycXH3vzH5LHnCPvn70Au0Y3Eme6EMDURqfxNp6nCYKCZZTIw4FAxzwKbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1727451997; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=S5+Ni7TKrIQTRLmQEwMdHeOgjIhvXX5wM/oKVzB+RPQ=; b=rl+h5cOPt1Od/2p/Z9QWUSLfVeNSogKNY7jH9b3DzITLcqUHVOPqY3XJ+eJglDWP3GpnfV 7HGClqrkq1GDUZekH/hzWXuqLNfN7nnkBApDm4lWTMYIzGNqDKAIsUL3/Smk7GeLSd3pzN wCCgIniCJoxw3zPLJmPIJmppO5qzNciie3VEZlseDJDJIzepGagHjDc1GWjV2EZ60oDVi0 eiUIFKD/tzJjRo7YernZ9XPMy5w425tmne6ouNvRHuCkjRs5O3ymWyOoprgNHoiBhagPTv eHUlIwJ7SgqWkfC0KbLbYXz4Cn81pcZR9EAfQ2MgL2OMC+Q4ldwSWKhqA1BXcQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1727451997; a=rsa-sha256; cv=none; b=qHsG82Xu6Zc876qL3QuTIVh3vbYm/q5vGOyxKgn0om74KRr78jzzTJvl/lB87RIE7c6mvF NuByT/ZiSncARmRk7p6Z9d1JtxLr24fJRWilKHh9jmH3dxQsj/f4c9aENsvwIomG1enH04 spVlKij3LIH02SdfmD2bEG5tXDRy4/RuOGtCNXtIH4jLDp8+RqjOnhdn4JWAl4G7gvFbLy PnW4ZNEOV5c+KaujprCgu/R4iYUk3aU4dwL2nZm8M1YIGpw/1MWY9445YHXhi+rD3gl5Lj V5CdhFBWUQwfIevxWODIG1rpgFw6tr9FB9MFDtHl0rNUeSZrWehSFnpggs5E1w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XFZZj2xM1zlyv; Fri, 27 Sep 2024 15:46:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 48RFkbE6076349; Fri, 27 Sep 2024 15:46:37 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 48RFkbiu076346; Fri, 27 Sep 2024 15:46:37 GMT (envelope-from git) Date: Fri, 27 Sep 2024 15:46:37 GMT Message-Id: <202409271546.48RFkbiu076346@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Tijl Coosemans Subject: git: 02f3b1662d32 - main - security/vuxml: Add cups-browsed RCE List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-all@freebsd.org Sender: owner-dev-commits-ports-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tijl X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 02f3b1662d323910f02932884affb820ccc977ff Auto-Submitted: auto-generated The branch main has been updated by tijl: URL: https://cgit.FreeBSD.org/ports/commit/?id=02f3b1662d323910f02932884affb820ccc977ff commit 02f3b1662d323910f02932884affb820ccc977ff Author: Tijl Coosemans AuthorDate: 2024-09-27 14:33:56 +0000 Commit: Tijl Coosemans CommitDate: 2024-09-27 15:15:19 +0000 security/vuxml: Add cups-browsed RCE --- security/vuxml/vuln/2024.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 27d3c4a2b080..f74fbd616725 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,61 @@ + + cups-filters -- remote code execution + + + cups-filters + 0 + + + + +

OpenPrinting reports:

+
+

Due to the service binding to *:631 ( INADDR_ANY ), multiple bugs + in cups-browsed can be exploited in sequence to introduce a + malicious printer to the system. This chain of exploits ultimately + enables an attacker to execute arbitrary commands remotely on the + target machine without authentication when a print job is started. + Posing a significant security risk over the network. Notably, this + vulnerability is particularly concerning as it can be exploited + from the public internet, potentially exposing a vast number of + systems to remote attacks if their CUPS services are enabled.

+
+

The vulnerability allows an attacker on the internet to create a + new printer device with arbitrary commands in the PPD file of the + printer. Attacks using mDNS on the local network can also replace an + existing printer. The commands are executed when a user attempts to + print on the malicious device. They run with the privileges of the + user "cups".

+

It is recommended to disable the cups_browsed service until patches + become available. On FreeBSD this is the default. You can check the + status and disable the service with the following commands:

+

# service cups_browsed status
+ # service cups_browsed stop
+ # service cups_browsed disable

+

Attacks from the internet can be blocked by removing the "cups" + protocol from the BrowseRemoteProtocols and BrowseProtocols + directives in /usr/local/etc/cups/cups-browsed.conf. Attacks using + mDNS can be blocked by removing the "dnssd" protocol as well. Access + can be limited to specific IP addresses using BrowseAllow, + BrowseDeny, and BrowseOrder directives as documented in + cups-browsed.conf(5). Then restart the service with the following + command:

+

# service cups_browsed restart

+ + + + CVE-2024-47076 + CVE-2024-47175 + CVE-2024-47176 + CVE-2024-47177 + https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8 + + + 2024-09-26 + 2024-09-27 + + + expat -- multiple vulnerabilities