来源

关联漏洞

描述

Unix CUPS打印系统 远程代码执行漏洞

介绍

# CVE-2024-47176
CUPS（Common UNIX Printing System，通用Unix打印系统）是一个打印系统，它主要是使用 IPP（Internet Printing Protocol）等协议来管理打印工作及队列。

2024年9月27日，互联网上披露 Unix CUPS 远程代码执行详情，利用链涉及多个CVE（CVE-2024-47176/CVE-2024-47076/CVE-2024-47175/CVE-2024-47177等）。当cups-browsed进程监听（默认631端口）接收UDP数据包时，攻击者可构造恶意请求，在无需认证的情况下可能在受害者机器上执行任意命令，控制服务器。漏洞实际是否可利用和触发需要依赖具体环境（例如存在打印任务等）

### 扫描指定IP
```bash
root@kali:~/Desktop/cups# ./cups 192.168.50.128 192.168.50.11
Unix CUPS CVE-2024-47176 Vul Check
Author: 0x7556
2024/10/12 22:24:00 HTTP listener started on 192.168.50.128:8080
IP: 192.168.50.11 VUL: CUPS/2.2.7 (Linux 4.18.0-15-generic; x86_64) IPP/2.0
Scanning 1 IP addresses...
Progress: 100.00% (1/1)
Scan complete.
IP: 192.168.50.11 VUL: CUPS/2.2.7 (Linux 4.18.0-15-generic; x86_64) IPP/2.0
```

### 扫描CIDR 例如 C段

```bash
root@kali:~/Desktop/cups# ./cups 192.168.50.128 192.168.50.11/24
Unix CUPS CVE-2024-47176 Vul Check
Author: 0x7556
2024/10/12 22:24:14 HTTP listener started on 192.168.50.128:8080
Scanning 254 IP addresses...
Progress: 22.83% (58/254)IP: 192.168.50.11 VUL: CUPS/2.2.7 (Linux 4.18.0-15-generic; x86_64) IPP/2.0
Progress: 62.60% (159/254)IP: 192.168.50.11 VUL: CUPS/2.2.7 (Linux 4.18.0-15-generic; x86_64) IPP/2.0
Progress: 100.00% (254/254)
Scan complete.
IP: 192.168.50.11 VUL: CUPS/2.2.7 (Linux 4.18.0-15-generic; x86_64) IPP/2.0
IP: 192.168.50.11 VUL: CUPS/2.2.7 (Linux 4.18.0-15-generic; x86_64) IPP/2.0
IP: 192.168.50.11 VUL: CUPS/2.2.7 (Linux 4.18.0-15-generic; x86_64) IPP/2.0 
```

文件快照

 [4.0K]  /data/pocs/6678b4a4e05a0356492b71ecfd13dbdbf0ff235b
├── [1.4M]  cups.arm
├── [1.3M]  cups.exe
├── [1.4M]  cups.lnx
├── [1.5M]  cups.mac
├── [1.4M]  cups.mips
├── [1.4M]  cups.mipsle
├── [1.8K]  README.md
└── [ 88K]  scan.png

0 directories, 8 files

备注