124 matches found
CVE-2024-47850
A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added. Mitigation See the security bulletin for a detailed...
SUSE-SU-2024:3523-1 Security update for cups-filters
This update for cups-filters fixes the following issues: - cups-browsed would bind on UDP INADDRANY:631 and trust any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker controlled URL. This patch removes support for the legacy CUPS and LDAP protocolsbsc1230939,...
CVE-2024-47850
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...
CVE-2024-47850
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...
AZL-53837 CVE-2024-47850 affecting package cups for versions less than 1.28.17-3
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...
DEBIAN-CVE-2024-47850
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...
UBUNTU-CVE-2024-47850
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...
CVE-2024-47850
CVE-2024-47850 affects CUPS with cups-browsed before 2.5b1, where a single IPP UDP printer-add request can trigger an HTTP POST to an arbitrary destination/port, enabling potential DDoS amplification. This is documented in connected Astra Linux advisories and linked advisories; patching via vendo...
CVE-2024-47850
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...
CVE-2024-47850
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...
CVE-2024-47850
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...
cups-browsed Information Disclosure
Retrieve CUPS version and kernel version information from cups-browsed services. Module Options msf use auxiliary/scanner/misc/cupsbrowsedinfodisclosure msf auxiliarycupsbrowsedinfodisclosure show actions ...actions... msf auxiliarycupsbrowsedinfodisclosure set ACTION msf...
Exploit for CVE-2024-47176
PoC: Unauthenticated RCE on cups-browsed...
cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack
A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added...
Vulnerabilities in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177)
OpenPrinting CUPS is the most current version of CUPS, a standards-based, open source printing system for Linux® and other Unix®-like operating systems. Several security vulnerabilities have been disclosed in the OpenPrinting Common Unix Printing System CUPS on Linux systems that could permit...
cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack
A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added...
cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source
A security issue has been identified in OpenPrinting CUPS. The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description PPD file based on attributes retrieved from an Internet Printing Protocol IPP response. Essentially, it takes printer...
cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack
A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added...
cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source
A security issue has been identified in OpenPrinting CUPS. The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description PPD file based on attributes retrieved from an Internet Printing Protocol IPP response. Essentially, it takes printer...
cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack
A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added...