Verifying and mitigating CUPS printing-related vulnerabilities from servers

in LeoFinance, 2 months ago

For the past few days, a high-severity vulnerability impacting multiple GNU/Linux distributions has been going around and, as expected, it comes from the CUPS printing stack.

Details can be found here: www.evilsocket.net


Steps for ensuring your Debian GNU/Linux is not impacted

Check for cups-browsed with: systemctl status cups-browsed

root@host:~# systemctl status cups-browsed

cups-browsed.service
  Loaded: not-found (Reason: No such file or directory)
  Active: inactive (dead)

Let's scan the port: sudo nmap localhost -p 631 --script cups-info

One scan gave a core dump:

root@host:~# sudo nmap localhost -p 631 --script cups-info

Starting Nmap 7.01 ( https://nmap.org ) at 2024-09-27 11:40 UTC
Stats: 0:00:00 elapsed; 0 hosts completed (0 up), 0 undergoing Script Pre-Scan
nmap: timing.cc:710: bool ScanProgressMeter::printStats(double, const timeval*): Assertion `ltime' failed.
Aborted (core dumped)

But the port itself is closed:

Starting Nmap 7.01 ( https://nmap.org ) at 2024-09-27 11:45 UTC
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000054s latency).
PORT    STATE  SERVICE
631/tcp closed ipp

Inspect the installed packages:

apt list --installed | egrep '(cups-browsed|libcupsfilters|libppd|cups-filters|ipp)'

libcupsfilters1/xenial-infra-security,now 1.8.3-2ubuntu3.5+esm1 amd64 [installed,automatic]

Look for cups related packages: apt list --installed | grep cups

libcups2/xenial-infra-security,now 2.1.3-4ubuntu0.11+esm7 amd64 [installed,automatic]
libcupsfilters1/xenial-infra-security,now 1.8.3-2ubuntu3.5+esm1 amd64 [installed,automatic]
libcupsimage2/xenial-infra-security,now 2.1.3-4ubuntu0.11+esm7 amd64 [installed]

Disable & remove the services:

If printing and document management are not used on the server, delete the related packages as follows.

apt remove libcups2 libcupsfilters1 libcupsimage2

These steps will make sure that the usually high severity (9.1) rated vulnerabilities are removed from the servers.
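
The package and port checks above can be scripted so they are repeatable across servers. The following is an added example, not part of the original post: the function names cups_packages and classify_631 are hypothetical, the ss sample is constructed, and it reads local listeners from ss -lntu so that UDP 631 (where cups-browsed listens) is covered as well as the TCP port probed with nmap above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Names of installed CUPS-related packages, read from `apt list --installed`
# output on stdin. Matches the post's pattern against the package name only.
cups_packages() {
  awk -F/ '/\[installed/ && $1 ~ /cups|libppd|ipp/ { print $1 }' | LC_ALL=C sort -u
}

# Classify port 631 from `ss -lntu` output on stdin (TCP and UDP listeners):
#   exposed        a listener is bound to a non-loopback address
#   loopback-only  listeners exist, all on 127.0.0.0/8 or [::1]
#   closed         nothing listens on 631
classify_631() {
  awk '$5 ~ /:631$/ {
         found = 1
         if ($5 !~ /^127\./ && $5 !~ /^\[::1\]/) wide = 1
       }
       END { print (wide ? "exposed" : (found ? "loopback-only" : "closed")) }'
}

# Package lines copied from the post; the openssh-server line is constructed.
SAMPLE_APT='Listing...
libcups2/xenial-infra-security,now 2.1.3-4ubuntu0.11+esm7 amd64 [installed,automatic]
libcupsfilters1/xenial-infra-security,now 1.8.3-2ubuntu3.5+esm1 amd64 [installed,automatic]
libcupsimage2/xenial-infra-security,now 2.1.3-4ubuntu0.11+esm7 amd64 [installed]
openssh-server/xenial,now 1:7.2p2-4 amd64 [installed]'

# Constructed `ss -lntu` output: a host where cups-browsed is still running.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:631        0.0.0.0:*
tcp   LISTEN 0      5      127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

echo "CUPS-related packages:"
printf '%s\n' "$SAMPLE_APT" | cups_packages
echo "Port 631: $(printf '%s\n' "$SAMPLE_SS" | classify_631)"

# On a real host, feed the live commands instead:
#   apt list --installed 2>/dev/null | cups_packages
#   ss -lntu | classify_631
```

A result of "closed" together with an empty package list matches the end state the steps above aim for.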

If cups-browsed is installed, it can be removed as well.
