Rapid7 Vulnerability & Exploit Database

Ubuntu: (Multiple Advisories) (CVE-2024-47175): CUPS vulnerability

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 09/26/2024
Created: 09/28/2024
Added: 09/27/2024
Modified: 10/08/2024

Description

CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, this can result in user-controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

Solution(s)

  • ubuntu-upgrade-cups
  • ubuntu-upgrade-libppd-utils
  • ubuntu-upgrade-libppd2
