CVE-2024-47076
Rocky Linux vulnerability analysis and mitigation

Overview

CVE-2024-47076 affects OpenPrinting CUPS, specifically the cfGetPrinterAttributes5 function in libcupsfilters. The vulnerability was discovered and disclosed on September 26, 2024. The function does not sanitize IPP attributes returned from an IPP server; when those attributes are used to generate a PPD file, this can lead to attacker-controlled data being provided to the rest of the CUPS system. This vulnerability affects all versions of Red Hat Enterprise Linux (RHEL) and libcupsfilters <= 2.1b1 (GHSA Advisory, NVD).

Technical details

The vulnerability exists in the cfGetPrinterAttributes5 function of libcupsfilters, which processes IPP (Internet Printing Protocol) attributes returned from a printer server. The function does not properly validate or sanitize these attributes before they are used to generate PPD (PostScript Printer Description) files. The vulnerability has been assigned a CVSS v3.1 base score of 8.6 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N, indicating a network-exploitable vulnerability requiring no privileges or user interaction (NVD).

Impact

When exploited, this vulnerability can allow an attacker to inject controlled data into the CUPS system through malicious IPP attributes. This can lead to potential security breaches when these attributes are used to generate PPD files. The vulnerability is particularly concerning as it can be chained with other vulnerabilities (CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177) to achieve remote code execution on affected systems (Evil Socket).

Mitigation and workarounds

To mitigate this vulnerability, administrators should:

1) Disable and stop the cups-browsed service using 'systemctl stop cups-browsed' and 'systemctl disable cups-browsed' if printing is not needed.
2) Ensure the system is not vulnerable by checking if cups-browsed is running using 'systemctl status cups-browsed'.
3) Block all traffic to UDP port 631 and DNS-SD traffic if the service must remain active.

Red Hat and the broader Linux community are working on patches to address these issues (Red Hat Blog).
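
The three steps above can be combined into one host check. The script below is an added example, not part of the advisory or of any vendor tooling; its function names and verdict strings are assumptions of this example, and it reports only service state and bound UDP 631 sockets, not firewall rules.

```sh
#!/bin/sh
# Added example, not from the advisory: audit a host against the three
# mitigation steps. Function names and verdict strings are this example's own.

# Read `ss -H -lun` output on stdin; print each local address bound to UDP 631.
udp631_listeners() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /:631$/) { print $i; break } }'
}

# Succeed when a listener address is loopback-only.
is_loopback() {
    case "$1" in
        127.*:631|"[::1]:631") return 0 ;;
        *) return 1 ;;
    esac
}

# assess ACTIVE ENABLED LISTENERS -> verdict on stdout.
# ACTIVE/ENABLED: strings from `systemctl is-active` / `is-enabled`.
# LISTENERS: newline-separated output of udp631_listeners.
assess() {
    active=$1; enabled=$2; listeners=$3; exposed=no
    while IFS= read -r l; do
        [ -n "$l" ] || continue
        is_loopback "$l" || exposed=yes
    done <<EOF
$listeners
EOF
    if [ "$active" = active ] && [ "$exposed" = yes ]; then
        echo LISTENING        # apply step 1, or step 3 if the service must stay
    elif [ "$active" = active ]; then
        echo RUNNING          # running, no non-loopback UDP 631 socket seen
    elif [ "$enabled" = enabled ]; then
        echo ENABLED_AT_BOOT  # stopped now, but starts again on reboot
    else
        echo MITIGATED        # stopped and not enabled (or not installed)
    fi
}

# Live check: gathers the three inputs from the running system.
audit_host() {
    active=$(systemctl is-active cups-browsed 2>/dev/null || true)
    enabled=$(systemctl is-enabled cups-browsed 2>/dev/null || true)
    listeners=$(ss -H -lun 2>/dev/null | udp631_listeners)
    assess "$active" "$enabled" "$listeners"
}

# Run the live audit only when invoked as: sh script.sh audit
if [ "${1:-}" = audit ]; then audit_host; fi
```

A verdict of ENABLED_AT_BOOT catches the case where only 'systemctl stop' was run and the service would return after a reboot.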

Community reactions

The vulnerability has garnered significant attention in the security community, particularly due to its potential for remote code execution when chained with other vulnerabilities. Red Hat has rated these issues with a severity impact of Important, noting that while all versions of RHEL are affected, the packages are not vulnerable in their default configuration (Red Hat Blog).

This report was generated using AI.
