CUPS and iPrint Appliance

In the German IT business magazines of the Heise company, Simone Margaritelli had reported a serious and critical security problem in the Common Unix Printing System (CUPS). I would like to insert the link:

https://www.heise.de/news/Teils-kritische-Luecken-in-Unix-Drucksystem-CUPS-ermoeglichen-Codeschmuggel-9955130.html

The main issue is unauthorized access to port 631. Are any versions of OES affected by this security problem? Has anyone experienced problems with iPrint, iPrint Appliance or CUPS recently?

  • 0  

    Hello Christoph

    SUSE provides a CVE database on the one hand and the SUSE Update Advisories on the other. www.suse.com/.../ . In this database you can find information about the CUPS CVEs. www.suse.com/.../ Patches seem to be available already.

    One more thing about Heise. I have been working in the field of IT emergency management and preventive IT forensics for many years and have sometimes wondered about a security article from Heise because it did not describe a CVE 100% correctly. Please note this is a personal opinion and, as always, if I write nonsense, please forgive me.

    George

    “You can't teach a person anything, you can only help them to discover it within themselves.” Galileo Galilei

  • Verified Answer

    +1  

    First thing, make sure port 631 is not visible in the wild on the internet. That is just asking for trouble, even without this particular issue.

    The Internet Storm Center (SANS) has a useful report pointing out the CVEs involved, as well as some advice, especially "Don't Panic".

    I'm seeing way too many devices with the port live to some extent (with NMAP) at one client, so I have a bunch of things to check out.

    An example of the command (change your IP range as appropriate) to help see your base exposure. (Why are those systems accepting printing requests?)
      nmap -p 631 10.0.0.0/16

    nmap comes with most Linux systems by default. A GUI interface for most operating systems is called Zenmap.

    Of the OES boxes just checked, only one of the CVEs appears exposed, CVE-2024-47177; the other daemons aren't installed, even on the iPrint boxes.

    ________________________

    Andy of KonecnyConsulting.ca in Toronto
    Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.
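
Added example, not part of the post above: a way to turn the result of that scan into a follow-up list of hosts where port 631 is open or filtered. It assumes the scan was saved in nmap's grepable format (`nmap -p 631 -oG scan.gnmap 10.0.0.0/16`); the function names, host names and addresses in the sample are constructed for illustration.

```shell
#!/bin/sh
# Triage nmap grepable (-oG) output for port 631 exposure.
# Usage: ipp_exposure scan.gnmap     (or pipe the file in on stdin)

# Print "ip<TAB>hostname<TAB>proto<TAB>state" for each port-631 entry
# whose state is not "closed". Open and filtered both need a closer look.
ipp_exposure() {
  awk '
    /^Host: / && /Ports: / {
      ip = $2
      name = $3; gsub(/[()]/, "", name)
      if (name == "") name = "-"
      sub(/^.*Ports: /, "")      # keep only the port list
      sub(/\t.*$/, "")           # drop any trailing tab-separated fields
      n = split($0, entries, /, */)
      for (i = 1; i <= n; i++) {
        # each entry: port/state/protocol/owner/service/rpcinfo/version
        split(entries[i], f, "/")
        if (f[1] == "631" && f[2] != "closed")
          printf "%s\t%s\t%s\t%s\n", ip, name, f[3], f[2]
      }
    }' "$@"
}

# Constructed sample in the -oG layout (not real scan data).
sample_scan() {
  printf '# Nmap scan of 10.0.0.0/16 (constructed sample)\n'
  printf 'Host: 10.0.12.5 (oes-print1.example.lan)\tStatus: Up\n'
  printf 'Host: 10.0.12.5 (oes-print1.example.lan)\tPorts: 631/open/tcp//ipp///\n'
  printf 'Host: 10.0.12.9 ()\tStatus: Up\n'
  printf 'Host: 10.0.12.9 ()\tPorts: 631/closed/tcp//ipp///\n'
  printf 'Host: 10.0.12.40 (lab-pc7.example.lan)\tPorts: 631/filtered/tcp//ipp///\n'
}

# Stand-alone run: show the hosts that need follow-up.
sample_scan | ipp_exposure
```

Each host it lists is one to check for why it is accepting printing requests, and whether a firewall rule or disabling the service is the right fix.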

  • Verified Answer

    +1   in reply to   

    Hi Andy,

    Just imagine you are on a university campus with more than 1,000,000 million IPs. How many poorly secured systems will you find and how many ports listening on 631 in the campus network? How many public IPs and networks will you find on a campus network that will also offer 631?

    I know I'm a ......;-)

    “You can't teach a person anything, you can only help them to discover it within themselves.” Galileo Galilei

  • Verified Answer

    +1   in reply to   

    Hi Georg, 

    I was imagining those as well (and shudder). Let's just hope the patches at least become available before the breaches start happening (if they haven't already happened).

    Yes, we both like 'stirring the pot'.

    ________________________

    Andy of KonecnyConsulting.ca in Toronto
    Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.