OpenPrinting CUPS
CPE: cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*
Affected versions: < 2.4.12
A remote denial-of-service vulnerability has been identified in OpenPrinting CUPS versions prior to 2.4.12. The issue arises from unsafe deserialization and validation of printer attributes, leading to a null pointer dereference in the libcups library. This vulnerability can cause the CUPS and cups-browsed services to crash on every machine within the local network that is listening for printers, which is the default configuration for most Linux systems. Additionally, on systems where CVE-2024-47176 was not addressed and the firewall does not block incoming IPP communications, the issue can be exploited over the public internet.
Exploitation of this vulnerability causes a crash of the CUPS and CUPS-browsed services, disrupting printing functionality on the affected machine. In default configurations, the vulnerability can be exploited remotely within the local subnet.
To reproduce this vulnerability, two machines on the same network are needed: an attacker machine and a target machine. Both machines should have CUPS and CUPS-browsed running. The attacker machine must send a crafted IPP response that triggers the null dereference in the target machine's CUPS service.
Users can upgrade to CUPS version 2.4.13, which includes a patch for this vulnerability.
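As an added defender-side check (not from this advisory and not CUPS project code), the following POSIX shell snippet classifies a CUPS version string against the affected range stated above (strictly below 2.4.12, or any threshold passed as a second argument). It assumes `cups-config --version` is available to read the locally installed version; that assumption is marked in the code, and any version string can be passed directly instead.

```shell
#!/bin/sh
# Added example: classify a CUPS version against the advisory's affected range.
# Assumption: `cups-config --version` (from the libcups development package)
# prints the installed version as MAJOR.MINOR.PATCH; if it is absent, the
# inventory step is skipped and the functions can be called with any version.

# Normalise a dotted version string into three integers "MAJ MIN PAT".
# Trailing non-numeric suffixes such as "3op2" are dropped from each field;
# pre-release tags ("rc1") are therefore treated as the final release.
ver_triplet() {
  IFS=. read -r maj min pat <<EOF
$1
EOF
  maj=${maj%%[!0-9]*}; min=${min%%[!0-9]*}; pat=${pat%%[!0-9]*}
  echo "${maj:-0} ${min:-0} ${pat:-0}"
}

# Return success (0) when version $1 is strictly lower than version $2.
ver_lt() {
  set -- $(ver_triplet "$1") $(ver_triplet "$2")   # $1..$3 left, $4..$6 right
  [ "$1" -lt "$4" ] && return 0
  [ "$1" -gt "$4" ] && return 1
  [ "$2" -lt "$5" ] && return 0
  [ "$2" -gt "$5" ] && return 1
  [ "$3" -lt "$6" ]
}

# Print "affected" when $1 is below the fixed threshold (default 2.4.12 from
# the advisory's version range), otherwise "not-affected".
cups_is_affected() {
  if ver_lt "$1" "${2:-2.4.12}"; then
    echo affected
  else
    echo not-affected
  fi
}

# Inventory step: read the local version if cups-config is installed.
if command -v cups-config >/dev/null 2>&1; then
  installed=$(cups-config --version)
  echo "installed CUPS $installed: $(cups_is_affected "$installed")"
fi
```

Distribution packages often carry backported fixes without bumping the upstream version, so a "not-affected" verdict from the version number alone should be confirmed against the distribution's own advisory, while an "affected" verdict is a reliable signal to schedule the upgrade.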