PT-2024-5078 · Openprinting · Openprinting Cups

Rmcnamara-Snyk · Published 2024-06-11 · Updated 2025-02-03 · CVE-2024-35235

CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenPrinting CUPS versions 2.4.8 and earlier
Description: The issue is in the cupsd server. When cupsd is started with a Listen configuration item that points to a symbolic link, it performs an arbitrary chmod on the supplied path, following the link. This can make the link target world-writable, so the permissions of any user or system file can be changed to world-writable. On Ubuntu systems, the vulnerability is limited to files that the cupsd process can modify. Control of the Listen argument can be turned into full control over the cupsd.conf and cups-files.conf configuration files. By then setting the User and Group arguments in cups-files.conf and printing with a printer whose PPD contains a FoomaticRIPCommandLine argument, arbitrary command execution as that user and group (not root) could be achieved, which on Ubuntu systems can further be used to achieve full root command execution.
Recommendations: For OpenPrinting CUPS versions 2.4.8 and earlier, apply the patch from commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d to resolve the issue. As a temporary workaround, restrict access to the Listen configuration item and the FoomaticRIPCommandLine argument to minimize the risk of exploitation.

Weakness Enumeration

Unchecked Return Value
Link Following

Related Identifiers

ALSA-2024:4265
ALSA-2024:4776
ALSA-2024_4265
ALSA-2024_4776
ALSA-2024_7346
ALSA-2024_7463
ALT-PU-2024-13658
ALT-PU-2024-14167
AZL-42579
AZL-42592
BDU:2024-05605
CESA-2024_4265
CVE-2024-35235
DLA-3826-1
GHSA-VVWP-MV6J-HW6F
INFSA-2024_4265
INFSA-2024_4776
MGASA-2024-0227
OESA-2024-1758
OPENSUSE-SU-2024:14041-1
OPENSUSE-SU-2024_2003-1
RHSA-2024:4265
RHSA-2024:4580
RHSA-2024:4715
RHSA-2024:4776
RHSA-2024:5644
RHSA-2024_4265
RHSA-2024_4776
SUSE-SU-2024:2002-1
SUSE-SU-2024:2003-1
SUSE-SU-2024:2003-2
SUSE-SU-2024_2002-1
SUSE-SU-2024_2003-1
SUSE-SU-2025:20090-1
USN-6844-1
USN-6844-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Openprinting Cups
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu