Search for vulnerabilities
Vulnerability details: VCID-vej6-wkjp-aaan
Vulnerability ID VCID-vej6-wkjp-aaan
Aliases CVE-2024-35235
Summary OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue.
Status Published
Exploitability 0.5
Weighted Severity 4.0
Risk 2.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-277 Insecure Inherited Permissions
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-252 Unchecked Return Value
System Score Found at
cvssv3 4.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35235.json
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00388 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00388 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00388 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00388 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.01515 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.01515 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.01515 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.01515 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.01515 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.01515 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.01515 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.01597 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.01597 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.01597 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.01597 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.01597 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.01597 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.01597 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.01597 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
epss 0.14379 https://api.first.org/data/v1/epss?cve=CVE-2024-35235
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35235.json
https://api.first.org/data/v1/epss?cve=CVE-2024-35235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35235
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/OpenPrinting/cups/blob/aba917003c8de55e5bf85010f0ecf1f1ddd1408e/cups/http-addr.c#L229-L240
https://github.com/OpenPrinting/cups/commit/ff1f8a623e090dee8a8aadf12a6a4b25efac143d
https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f
https://git.launchpad.net/ubuntu/+source/apparmor/tree/profiles/apparmor.d/abstractions/user-tmp#n21
https://lists.debian.org/debian-lts-announce/2024/06/msg00001.html
http://www.openwall.com/lists/oss-security/2024/06/11/1
http://www.openwall.com/lists/oss-security/2024/06/12/4
http://www.openwall.com/lists/oss-security/2024/06/12/5
http://www.openwall.com/lists/oss-security/2024/11/08/3
1073002 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073002
2290318 https://bugzilla.redhat.com/show_bug.cgi?id=2290318
CVE-2024-35235 https://nvd.nist.gov/vuln/detail/CVE-2024-35235
RHSA-2024:4265 https://access.redhat.com/errata/RHSA-2024:4265
RHSA-2024:4580 https://access.redhat.com/errata/RHSA-2024:4580
RHSA-2024:4715 https://access.redhat.com/errata/RHSA-2024:4715
RHSA-2024:4776 https://access.redhat.com/errata/RHSA-2024:4776
RHSA-2024:5644 https://access.redhat.com/errata/RHSA-2024:5644
USN-6844-1 https://usn.ubuntu.com/6844-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35235.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.05170
EPSS Score 0.00042
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-05-27T16:09:13.312870+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 34.0.0rc4