CUPS-Filters is a software package that contains backends, filters, and other utilities required for the Common Unix Printing System (CUPS) to function properly on operating systems other than macOS. It enables users to set up printers and manage print jobs on their systems. However, a new security vulnerability has been discovered in the CUPS-Filters Backend Error Handler (BEH) component, which can lead to remote code execution.

Exploit Details

The vulnerability exists in the beh.c file of the cups-filters package. When setting up a network printer with the Backend Error Handler, a potential attacker can exploit a security flaw in the way the system function is used with unsanitized user-supplied values. The system function is called with the operand cmdline and the following code snippet illustrates this issue:

retval = system(cmdline) >> 8;

The cmdline variable contains user-controlled values that are not properly sanitized before being passed to the system function. Consequently, an attacker with network access to the hosted print server can inject malicious system commands that will be executed in the context of the running server, leading to remote code execution.

Solution and Mitigation

This issue has been reported and addressed in commit 8f2740357, which can be found in the cups-filters repository:

Link to Commit 8f2740357

The fix is expected to be included in the upcoming release of cups-filters. Users are strongly advised to upgrade their cups-filters package as soon as the patched version is available. In the meantime, to minimize the risk of exploitation, it is recommended to restrict access to network printers and monitor any suspicious activities on the print server.

Conclusion

The presence of this remote code execution vulnerability in cups-filters highlights the importance of regularly updating software packages to protect systems from potential attacks. By staying vigilant, taking mitigating steps like restricting access to network printers, and updating software when patches become available, users can help safeguard their systems from the risks posed by security vulnerabilities.

Timeline

Published on: 05/17/2023 18:15:00 UTC
Last modified on: 05/25/2023 17:05:00 UTC