CUPS(Common UNIX Printing System,通用Unix打印系统)是一个打印系统,它主要是使用 IPP(Internet Printing Protocol)等协议来管理打印工作及队列。
2024年9月27日,互联网上披露 Unix CUPS 远程代码执行详情,利用链涉及多个CVE(CVE-2024-47176/CVE-2024-47076/CVE-2024-47175/CVE-2024-47177等)。当cups-browsed进程监听(默认631端口)接收UDP数据包时,攻击者可构造恶意请求,在无需认证的情况下可能在受害者机器上执行任意命令,控制服务器。漏洞实际是否可利用和触发需要依赖具体环境(例如存在打印任务等)
root@kali:~/Desktop/cups# ./cups 192.168.50.128 192.168.50.11
Unix CUPS CVE-2024-47176 Vul Check
Author: 0x7556
2024/10/12 22:24:00 HTTP listener started on 192.168.50.128:8080
IP: 192.168.50.11 VUL: CUPS/2.2.7 (Linux 4.18.0-15-generic; x86_64) IPP/2.0
Scanning 1 IP addresses...
Progress: 100.00% (1/1)
Scan complete.
IP: 192.168.50.11 VUL: CUPS/2.2.7 (Linux 4.18.0-15-generic; x86_64) IPP/2.0root@kali:~/Desktop/cups# ./cups 192.168.50.128 192.168.50.11/24
Unix CUPS CVE-2024-47176 Vul Check
Author: 0x7556
2024/10/12 22:24:14 HTTP listener started on 192.168.50.128:8080
Scanning 254 IP addresses...
Progress: 22.83% (58/254)IP: 192.168.50.11 VUL: CUPS/2.2.7 (Linux 4.18.0-15-generic; x86_64) IPP/2.0
Progress: 62.60% (159/254)IP: 192.168.50.11 VUL: CUPS/2.2.7 (Linux 4.18.0-15-generic; x86_64) IPP/2.0
Progress: 100.00% (254/254)
Scan complete.
IP: 192.168.50.11 VUL: CUPS/2.2.7 (Linux 4.18.0-15-generic; x86_64) IPP/2.0
IP: 192.168.50.11 VUL: CUPS/2.2.7 (Linux 4.18.0-15-generic; x86_64) IPP/2.0
IP: 192.168.50.11 VUL: CUPS/2.2.7 (Linux 4.18.0-15-generic; x86_64) IPP/2.0