Cups vulnerability

kc1di

Well-Known Member
Joined
May 14, 2021
Messages
2,561
Reaction score
2,498
Credits
18,687


How serious is this problem on a debian based desktop os? I have cups installed and there was no cups update as of today
 
How serious is this problem on a debian based desktop os? I have cups installed and there was no cups update as of today
The threat only exists if you have cups-browsed daemon activated, on most Desktops it is turned off by default so you should be safe. Cups-browsed is use to find network remote printers. If you using an internet printing service or have your printer on a network that you do not control you may have an issue. Also check to see if port 631 is active that the port it uses.
 
The threat only exists if you have cups-browsed daemon activated, on most Desktops it is turned off by default so you should be safe. Cups-browsed is use to find network remote printers. If you using an internet printing service or have your printer on a network that you do not control you may have an issue. Also check to see if port 631 is active that the port it uses.
I know i have it enabled, that's why i am asking. I have a network printer. how big is the risk? should i disable cups till theres a fix?
 
I know i have it enabled, that's why i am asking. I have a network printer. how big is the risk? should i disable cups till theres a fix?
Just stop and disable it until Debian comes with a patch, it's not like you are printing a book a day I would think?
 
I know i have it enabled, that's why i am asking. I have a network printer. how big is the risk? should i disable cups till theres a fix?
Is the network connect to the Web?
If its just a private netwok Isolated from others your most likely safe.
 
Is the network connect to the Web?
If its just a private netwok Isolated from others your most likely safe.
I've got some portforwarding
 
I have cups, but cups-browsed is not installed. I guess I'm not affected then?
 
Question: If a Linux system has ufw (the firewall) running with incoming set to "Deny," does this not keep the system safe from this vulnerability? I'm getting into a debate with someone over on another forum over this question. It seems to me that the firewall would keep the system safe. Am I wrong?
 
Question: If a Linux system has ufw (the firewall) running with incoming set to "Deny," does this not keep the system safe from this vulnerability? I'm getting into a debate with someone over on another forum over this question. It seems to me that the firewall would keep the system safe. Am I wrong?
I think firewall will keep you safe unless it allows inbound inbound to cups-browser service.

An attacker has access to a vulnerable server, which :
  1. Allows unrestricted access, such as the public internet
If you block inbound then the attacker has no unrestricted access.

Assuming redhat's description is correct then no, it can't.

Keep in mind that mDNS (avahi daemon) however could also contribute to discovery of a printer, this is not stated.
Perhaps it's worth seeing how cups-browser service works and whether your firewall allows outbound mDNS, in which case it would also allow inbound.

Also I think mDNS is stateless so firewall stateful rules might have no effect.
 

Members online


Top