Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.GENTOO_GLSA-202402-17.NASL
HistoryFeb 18, 2024 - 12:00 a.m.

GLSA-202402-17 : CUPS: Multiple Vulnerabilities

2024-02-1800:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
cups
security update
buffer overflow
dos
macos
logic issue
elevated privileges
use-after-free
printing system
vulnerabilities

8.1 High

AI Score

Confidence

High

JSON

The remote host is affected by the vulnerability described in GLSA-202402-17 (CUPS: Multiple Vulnerabilities)

  • A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. (CVE-2022-26691)

  • Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. (CVE-2023-4504)

  • OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function format_log_line could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file cupsd.conf sets the value of loglevel to DEBUG. No known patches or workarounds exist at time of publication. (CVE-2023-32324)

  • OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function httpClose(con->http) being called in scheduler/client.c. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function cupsdAcceptClient if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in cupsd.conf) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from /etc/hosts.allow and /etc/hosts.deny. Version 2.4.6 has a patch for this issue. (CVE-2023-34241)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202402-17.
#
# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('compat.inc');

if (description)
{
  script_id(190669);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/18");

  script_cve_id(
    "CVE-2022-26691",
    "CVE-2023-4504",
    "CVE-2023-32324",
    "CVE-2023-34241"
  );

  script_name(english:"GLSA-202402-17 : CUPS: Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"");
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-202402-17 (CUPS: Multiple Vulnerabilities)

  - A logic issue was addressed with improved state management. This issue is fixed in Security Update
    2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated
    privileges. (CVE-2022-26691)

  - Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and
    libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been
    fixed in CUPS version 2.4.7, released in September of 2023. (CVE-2023-4504)

  - OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow
    vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow
    vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the
    affected system. Exploitation of the vulnerability can be triggered when the configuration file
    `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of
    publication. (CVE-2023-32324)

  - OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like
    operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to
    the logging service AFTER the connection has been closed, when it should have logged the data right
    before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue
    is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose
    always, provided its argument is not null, frees the pointer at the end of the call, only for
    cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient`
    if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address
    (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP
    wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version
    2.4.6 has a patch for this issue. (CVE-2023-34241)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/202402-17");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=847625");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=907675");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=909018");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=914781");
  script_set_attribute(attribute:"solution", value:
"All CUPS users should upgrade to the latest version:

          # emerge --sync
          # emerge --ask --oneshot --verbose >=net-print/cups-2.4.7");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-26691");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-34241");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/05/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/02/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cups");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gentoo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}
include('qpkg.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');
if (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var flag = 0;

var packages = [
  {
    'name' : 'net-print/cups',
    'unaffected' : make_list("ge 2.4.7"),
    'vulnerable' : make_list("lt 2.4.7")
  }
];

foreach var package( packages ) {
  if (isnull(package['unaffected'])) package['unaffected'] = make_list();
  if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();
  if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;
}


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : qpkg_report_get()
  );
  exit(0);
}
else
{
  qpkg_tests = list_uniq(qpkg_tests);
  var tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'CUPS');
}
VendorProductVersionCPE
gentoolinuxcupsp-cpe:/a:gentoo:linux:cups
gentoolinuxcpe:/o:gentoo:linux

Related

gentoo 1
nessus 69
openvas 54
almalinux 2
oraclelinux 2
redhat 4
osv 12
rosalinux 2
photon 1
amazon 6
fedora 7
mageia 2
ubuntucve 3
cve 2
prion 2
veracode 3
debiancve 3
wolfi 2
debian 2
ubuntu 7
redhatcve 3
slackware 2
cbl_mariner 3
cgr 2
alpinelinux 3
gentoo
gentoo
CUPS: Multiple Vulnerabilities
2024-02-18 00:00:00
nessus
nessus
Oracle Linux 9 : cups (ELSA-2023-6596)
2023-11-16 00:00:00
EulerOS Virtualization 2.10.1 : cups (EulerOS-SA-2023-2914)
2024-01-16 00:00:00
EulerOS 2.0 SP10 : cups (EulerOS-SA-2023-2806)
2024-01-16 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2023-2806)
2023-09-11 00:00:00
Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2023-2607)
2023-08-08 00:00:00
Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2023-3119)
2023-11-09 00:00:00
almalinux
almalinux
Moderate: cups security and bug fix update
2023-11-07 00:00:00
Moderate: cups security and bug fix update
2023-11-14 00:00:00
oraclelinux
oraclelinux
cups security and bug fix update
2023-11-11 00:00:00
cups security and bug fix update
2023-11-17 00:00:00
redhat
redhat
(RHSA-2023:6596) Moderate: cups security and bug fix update
2023-11-07 06:09:41
(RHSA-2023:7165) Moderate: cups security and bug fix update
2023-11-14 08:46:50
(RHSA-2024:1409) Moderate: cups security update
2024-03-19 16:35:18
osv
osv
Moderate: cups security and bug fix update
2023-11-14 00:00:00
Moderate: cups security and bug fix update
2023-11-07 00:00:00
cups - security update
2023-06-01 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2377
2024-03-19 12:44:17
Advisory ROSA-SA-2024-2320
2024-01-09 09:43:52
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0106
2023-10-01 00:00:00
amazon
amazon
Medium: cups
2023-08-03 18:09:00
Medium: cups
2023-08-03 20:16:00
Medium: cups
2023-07-05 21:44:00
fedora
fedora
[SECURITY] Fedora 38 Update: cups-2.4.6-1.fc38
2023-06-30 01:23:27
[SECURITY] Fedora 39 Update: libppd-2.0~rc2-4.fc39
2023-09-29 00:20:33
[SECURITY] Fedora 37 Update: cups-2.4.7-1.fc37
2023-10-07 01:22:46
mageia
mageia
Updated cups packages fix security vulnerability
2023-07-07 08:54:45
Updated cups packages fix security vulnerability
2023-06-15 10:27:14
ubuntucve
ubuntucve
CVE-2023-34241
2023-06-22 00:00:00
CVE-2023-32324
2023-06-01 00:00:00
CVE-2023-4504
2023-09-20 00:00:00
cve
cve
CVE-2023-34241
2023-06-22 23:15:09
CVE-2023-32324
2023-06-01 17:15:09
prion
prion
Heap overflow
2023-06-01 17:15:00
Design/Logic Flaw
2023-06-22 23:15:00
veracode
veracode
Denial Of Service (DoS)
2023-06-03 19:14:14
Use-After-Free
2023-07-11 12:56:52
Heap Buffer Overflow
2023-09-26 07:35:27
debiancve
debiancve
CVE-2023-32324
2023-06-01 17:15:09
CVE-2023-34241
2023-06-22 23:15:09
CVE-2023-4504
2023-09-21 23:15:12
wolfi
wolfi
CVE-2023-32324 vulnerabilities
2024-05-12 03:13:14
CVE-2023-4504 vulnerabilities
2024-05-12 03:13:14
debian
debian
[SECURITY] [DLA 3440-1] cups security update
2023-06-01 21:30:28
[SECURITY] [DLA 3476-1] cups security update
2023-06-30 18:30:28
ubuntu
ubuntu
CUPS vulnerability
2023-06-22 00:00:00
CUPS vulnerability
2023-07-17 00:00:00
CUPS vulnerability
2023-06-01 00:00:00
redhatcve
redhatcve
CVE-2023-32324
2023-06-14 08:16:25
CVE-2023-4504
2023-09-20 14:24:41
CVE-2023-34241
2023-06-22 11:17:06
slackware
slackware
[slackware-security] cups
2023-06-02 21:05:23
[slackware-security] cups
2023-06-22 19:14:03
cbl_mariner
cbl_mariner
CVE-2023-32324 affecting package cups for versions less than 2.3.3op2-7
2024-04-13 08:55:39
CVE-2023-34241 affecting package cups for versions less than 2.3.3op2-7
2024-04-13 08:55:39
CVE-2023-4504 affecting package cups for versions less than 2.3.3op2-7
2024-04-13 08:55:39
cgr
cgr
CVE-2023-32324 vulnerabilities
2024-05-12 03:27:28
CVE-2023-4504 vulnerabilities
2024-05-12 03:27:28
alpinelinux
alpinelinux
CVE-2023-32324
2023-06-01 17:15:09
CVE-2023-4504
2023-09-21 23:15:12
CVE-2023-34241
2023-06-22 23:15:09

8.1 High

AI Score

Confidence

High

JSON
Related for GENTOO_GLSA-202402-17.NASL
gentoo1nessus69openvas54almalinux2oraclelinux2redhat4osv12rosalinux2photon1amazon6fedora7mageia2ubuntucve3cve2prion2veracode3debiancve3wolfi2debian2ubuntu7redhatcve3slackware2cbl_mariner3cgr2alpinelinux3