CVE-2024-47850: 
Alma Linux vulnerability analysis and mitigation

CUPS cups-browsed before version 2.5b1 contains a vulnerability where it will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added. This vulnerability is tracked as CVE-2024-47850 and is distinct from CVE-2024-47176. The vulnerability was disclosed in October 2024 (NVD, Akamai).

The vulnerability exists in the cups-browsed component when it receives a well-formed packet on UDP port 631 containing an HTTP port 80 URL. When triggered, the service will send HTTP requests in a continuous loop that persists until forcibly terminated. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (GHSA Advisory).

When successfully exploited, this vulnerability can be used to create DDoS amplification attacks. A single client can trigger continuous HTTP requests that impact the availability of a target server, and multiple clients can amplify this effect. The vulnerability primarily affects the availability of systems while having no direct impact on confidentiality or integrity (NetApp Advisory).

A mitigation is available by modifying the cups-browsed configuration. Users should edit /etc/cups/cups-browsed.conf, locate the BrowseRemoteProtocols configuration option, and set it to 'dnssd' (removing 'cups' from the default value of 'dnssd cups'). After making this change, cups-browsed should be restarted using the command 'sudo systemctl restart cups-browsed' (GHSA Advisory).