CVE-2023-34241
CUPS vulnerable to use-after-free in cupsdAcceptClient()
En resumen
CUPS posee un error donde intenta usar datos de una conexión ya cerrada al registrar información sobre la conexión. Esto puede causar que el servicio de impresión falle o funcione de forma impredecible.
Detalle técnico
Vulnerabilidad use-after-free en la función cupsdAcceptClient() desencadenada cuando httpClose() libera memoria de conexión antes de que cupsdLogClient() intente acceder a ella mediante httpGetHostname(). Ocurre cuando LogLevel está en warn o superior con fallos en búsquedas DNS inversa (HostNameLookups Double) o rechazo de conexión por TCP wrappers. Afecta CUPS versiones 2.0.0 hasta 2.4.5 e impacta la estabilidad del daemon cupsd.
Resumen generado y traducido por IA a partir de la descripción oficial.
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.
The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.
Version 2.4.6 has a patch for this issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Productos afectados
OpenPrinting · cups¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2https://github.com/OpenPrinting/cups/releases/tag/v2.4.6https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25https://lists.debian.org/debian-lts-announce/2023/06/msg00038.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY/https://support.apple.com/kb/HT213843https://support.apple.com/kb/HT213844https://support.apple.com/kb/HT213845http://www.openwall.com/lists/oss-security/2023/06/23/10http://www.openwall.com/lists/oss-security/2023/06/26/1