CVE-2023-24805: Command injection in cups-filters
First published: Thu May 11 2023(Updated: )
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/cups-filters | <0:1.20.0-29.el8_8.2 | 0:1.20.0-29.el8_8.2 |
| redhat/cups-filters | <0:1.20.0-18.el8_1.1 | 0:1.20.0-18.el8_1.1 |
| redhat/cups-filters | <0:1.20.0-19.el8_2.1 | 0:1.20.0-19.el8_2.1 |
| redhat/cups-filters | <0:1.20.0-24.el8_4.1 | 0:1.20.0-24.el8_4.1 |
| redhat/cups-filters | <0:1.20.0-27.el8_6.1 | 0:1.20.0-27.el8_6.1 |
| redhat/cups-filters | <0:1.28.7-11.el9_2.1 | 0:1.28.7-11.el9_2.1 |
| redhat/cups-filters | <0:1.28.7-10.el9_0.1 | 0:1.28.7-10.el9_0.1 |
| debian/cups-filters | <=1.21.6-5 | 1.21.6-5+deb10u1 1.28.7-1+deb11u2 1.28.17-3 |
| debian/cups-filters | <=1.28.7-1<=1.28.7-1+deb11u1<=1.28.17-2 | 1.28.17-3 1.28.7-1+deb11u2 |
| linuxfoundation cups-filters | <2.0 | |
| linuxfoundation cups-filters | =2.0-beta1 | |
| linuxfoundation cups-filters | =2.0-beta2 | |
| linuxfoundation cups-filters | =2.0-beta3 | |
| linuxfoundation cups-filters | =2.0-rc1 | |
| Fedoraproject Fedora | =37 | |
| Fedoraproject Fedora | =38 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2023-24805
- https://www.cve.org/CVERecord?id=CVE-2023-24805
- https://www.openwall.com/lists/oss-security/2023/05/17/5
- https://github.com/OpenPrinting/cups-filters/commit/93e60d3df35
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036224
- https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x
- https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/
- https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html
- https://www.debian.org/security/2023/dsa-5407
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/
- https://security.gentoo.org/glsa/202401-06
- https://access.redhat.com/security/cve/CVE-2023-24805
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2207970
- https://access.redhat.com/errata/RHSA-2023:3429
- https://access.redhat.com/errata/RHSA-2023:3423
- https://access.redhat.com/errata/RHSA-2023:3424
- https://access.redhat.com/errata/RHSA-2023:3428
- https://access.redhat.com/errata/RHSA-2023:3427
- https://access.redhat.com/errata/RHSA-2023:3426
- https://access.redhat.com/errata/RHSA-2023:3425
- https://access.redhat.com/security/cve/cve-2023-24805
- https://bugzilla.redhat.com/show_bug.cgi?id=2203051
- https://www.cve.org/CVERecord?id=CVE-2023-24805 https://nvd.nist.gov/vuln/detail/CVE-2023-24805 https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x
- https://github.com/OpenPrinting/cups-filters/commit/93e60d3df358c0ae6f3dba79e1c9684657683d89
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2023-24805?
CVE-2023-24805 is a vulnerability found in cups-filters that can lead to remote code execution if the Backend Error Handler (beh) is used to create an accessible network printer.
How does the vulnerability in cups-filters occur?
The vulnerability in cups-filters occurs when the Backend Error Handler (beh) is used to create an accessible network printer.
What is the severity of CVE-2023-24805?
CVE-2023-24805 has a severity rating of 8.8, indicating a high severity.
What software versions are affected by CVE-2023-24805?
The affected software versions include cups-filters 1.20.0-29.el8_8.2, 1.20.0-18.el8_1, 1.20.0-19.el8_2, 1.20.0-24.el8_4, 1.20.0-27.el8_6, 1.28.7-11.el9_2.1, and 1.28.7-10.el9_0.1.
How can I mitigate or fix the vulnerability in cups-filters?
To mitigate the vulnerability in cups-filters, it is recommended to update to the latest version of the software, such as cups-filters 1.21.6-5+deb10u1, 1.28.7-1+deb11u2, or 1.28.17-3, depending on your distribution.
- collector/redhat-cve
- collector/security-tracker-debian
- collector/debian-bugs
- alias/CVE-2023-24805
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- agent/author
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/title
- agent/remedy
- agent/severity
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/linuxfoundation
- canonical/linuxfoundation cups-filters
- version/linuxfoundation cups-filters/2.0-beta1
- version/linuxfoundation cups-filters/2.0-beta2
- version/linuxfoundation cups-filters/2.0-beta3
- version/linuxfoundation cups-filters/2.0-rc1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/37
- version/fedoraproject fedora/38
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0