Nils Durner's Blog Ahas, Breadcrumbs, Coding Epiphanies

CUPS Vulnerability: Implications for Network Printers

Critical vulnerabilities in CUPS have been disclosed ahead of the originally planned schedule. The affected systems are officially described as “GNU/Linux and some BSDs” including Chromebooks.

Printers: The Overlooked Attack Vector

While much of the discussion has centered on traditional Unix-like systems, printers should not be ignored as their firmware may be built on Embedded Linux.

Detection Tool: CUPS-IPP Remote Vulnerability Detector

To aid in identifying potentially vulnerable systems, I’ve developed a Python script: CUPS-IPP Remote Vulnerability Detector.

This tool is designed to:

  1. Discover printers on the local network using Zeroconf
  2. Send specially crafted UDP packets to port 631
  3. Probe for IPP (Internet Printing Protocol) information
  4. Check for CUPS-specific indicators in IPP responses

Here’s a sample output from scanning:

[*] Discovering printers for 10 seconds...
[+] Discovered printer: redacted.local. (192.168.X.X:631)

[*] Discovered 1 printer(s).

[*] Analyzing discovered printers:

[*] Analyzing printer at 192.168.X.X
[+] UDP packet sent to 192.168.X.X:631
[-] No IPP response received
[+] Web interface checked, no obvious CUPS references
[*] No IPP response received from 192.168.X.X. This doesn't rule out other vulnerabilities in the chain.
[*] Note: This scan cannot detect the potential for command execution (CVE-2024-47177, CVSS 9.9).
[*] Further manual investigation is necessary for a comprehensive assessment.
[*] Analysis complete for 192.168.X.X

Green messages generally indicate lower risk, but it’s important to note that this tool cannot definitively rule out all vulnerabilities in the chain.
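
One way to implement the last step of the list above, checking an IPP response for CUPS-specific indicators, is shown here as an added example; it is not the code of the CUPS-IPP Remote Vulnerability Detector. The heuristic (attribute names starting with `cups-`, or the string "cups" inside a value) and the sample responses are assumptions constructed for illustration.

```python
import struct

def ipp_attr(tag, name, value):
    """Encode one attribute: value-tag, name-length, name, value-length, value."""
    n, v = name.encode(), value.encode()
    return struct.pack(">BH", tag, len(n)) + n + struct.pack(">H", len(v)) + v

def parse_ipp_attributes(data):
    """Return {name: [raw values]} from an IPP message (RFC 8010 encoding)."""
    if len(data) < 8:                      # version(2) status(2) request-id(4)
        raise ValueError("short IPP header")
    attrs, pos, name = {}, 8, None
    while pos < len(data):
        tag = data[pos]
        pos += 1
        if tag == 0x03:                    # end-of-attributes-tag
            return attrs
        if tag <= 0x0F:                    # delimiter: a new attribute group starts
            name = None
            continue
        fields = []
        for _ in range(2):                 # name, then value; both length-prefixed
            if pos + 2 > len(data):
                raise ValueError("truncated length field")
            (size,) = struct.unpack_from(">H", data, pos)
            pos += 2
            if pos + size > len(data):
                raise ValueError("truncated attribute")
            fields.append(data[pos:pos + size])
            pos += size
        if fields[0]:                      # empty name = extra value of previous attr
            name = fields[0].decode("ascii", "replace")
        if name is None:
            raise ValueError("value without attribute name")
        attrs.setdefault(name, []).append(fields[1])
    raise ValueError("missing end-of-attributes tag")

def cups_indicators(attrs):
    """Assumed heuristic: 'cups-' attribute names, or 'cups' inside any value."""
    return sorted(n for n, vals in attrs.items()
                  if n.startswith("cups-") or any(b"cups" in v.lower() for v in vals))

# Constructed sample responses (not captured from a real device).
_HDR = struct.pack(">BBHI", 2, 0, 0, 1) + b"\x01" + ipp_attr(0x47, "attributes-charset", "utf-8")
CUPS_LIKE = (_HDR + b"\x04" + ipp_attr(0x41, "printer-make-and-model", "Constructed Model")
             + ipp_attr(0x41, "cups-version", "0.0.0") + b"\x03")
OTHER = _HDR + b"\x04" + ipp_attr(0x41, "printer-make-and-model", "Constructed Model") + b"\x03"

if __name__ == "__main__":
    for label, msg in (("CUPS_LIKE", CUPS_LIKE), ("OTHER", OTHER)):
        print(label, cups_indicators(parse_ipp_attributes(msg)))
```

An empty result only means this heuristic found nothing; firmware can embed CUPS components without advertising them in IPP attributes.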

Broader Implications

While the focus has been on Linux and some BSD systems, it’s worth considering that other Unix-like systems might also be affected. This includes potential implications for macOS and iOS, though this remains unconfirmed. Additionally, older Mac Servers, if any are still in use, should be scrutinized.

It’s also noteworthy that Windows systems haven’t been thoroughly investigated in this context yet, leaving open the possibility of similar vulnerabilities in Windows-based print services.

Next Steps

  1. Use the CUPS-IPP Remote Vulnerability Detector to scan your network for potentially vulnerable printers and devices.
  2. Pay special attention to multifunction printers and other network-connected print devices.
  3. Keep an eye out for updates from printer manufacturers, as they may release firmware updates to address this vulnerability.
  4. Continue to monitor for patches and updates for all systems, including embedded devices that might be running vulnerable versions of CUPS.