CVE-2024-45062
📋 TL;DR
A stack-based buffer overflow vulnerability in OpenPrinting ippusbxd 1.34 allows arbitrary code execution when a malicious IPP-over-USB printer is connected. This affects systems running the vulnerable ippusbxd service, typically Linux distributions that use it for printer communication. The vulnerability requires physical USB access to the system.
💻 Affected Systems
- OpenPrinting ippusbxd
📦 What is this software?
Ippusbxd Firmware by Openprinting
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with root privileges leading to complete control of the affected system, data exfiltration, and lateral movement.
Likely Case
Local privilege escalation to root, installation of persistent backdoors, or disruption of printing services.
If Mitigated
Limited impact if USB device restrictions are enforced and the service runs with minimal privileges.
🎯 Exploit Status
Exploitation requires creating a malicious USB device that mimics an IPP-over-USB printer and connecting it to the target system.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.35 or later
Vendor Advisory: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071
Restart Required: No
Instructions:
1. Update ippusbxd to version 1.35 or later using your distribution's package manager.
2. For source installations: download the source from the OpenPrinting repository, compile it, and replace the binary.
3. Restart the ippusbxd service if it doesn't auto-restart.
🔧 Temporary Workarounds
Disable ippusbxd service
systemd-based Linux
Temporarily stop and disable the ippusbxd service if IPP-over-USB printing is not required.
sudo systemctl stop ippusbxd
sudo systemctl disable ippusbxd
USB device restriction
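Linux
Use USBGuard or similar tools to block unauthorized USB devices from connecting.
sudo apt install usbguard
# Generate the allow-list from the currently attached devices before the daemon starts enforcing.
# The redirect must run as root, so it is wrapped in "sh -c" ("sudo cmd > file" redirects as the calling user).
sudo sh -c 'usbguard generate-policy > /etc/usbguard/rules.conf'
sudo systemctl start usbguard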
🧯 If You Can't Patch
- Disconnect all USB printers and use network printing instead.
- Implement strict physical security controls to prevent unauthorized USB device connections.
🔍 How to Verify
Check if Vulnerable:
Check ippusbxd version: run 'ippusbxd --version' or check package version with 'dpkg -l ippusbxd' or 'rpm -q ippusbxd'.
Check Version:
ippusbxd --version 2>/dev/null || dpkg -l ippusbxd 2>/dev/null || rpm -q ippusbxd 2>/dev/null
Verify Fix Applied:
Confirm version is 1.35 or later using the same commands, and verify the service is running without errors.
📡 Detection & Monitoring
Log Indicators:
- Unexpected USB device connections in system logs (/var/log/syslog, journalctl)
- ippusbxd service crashes or abnormal termination logs
Network Indicators:
- Unusual USB device traffic if monitored, though primarily local
SIEM Query:
source="*syslog*" AND ((process="ippusbxd" AND ("segmentation fault" OR "buffer overflow" OR "crash")) OR (device_type="USB" AND vendor_id unusual))
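The two log indicators above can be correlated locally. The following is an added example, not part of the advisory or of ippusbxd: it flags an ippusbxd crash that follows a USB attach within a short window. It assumes input in `journalctl -o short-unix` format, the unit name `ippusbxd` used in the commands above, and a 30-second window; the sample log lines are constructed.

```shell
#!/bin/sh
# Correlate ippusbxd crashes with a preceding USB attach.
# Input: journal lines in `journalctl -o short-unix` format (epoch timestamp first).
WINDOW="${WINDOW:-30}"   # seconds between attach and crash; assumed default

correlate_crashes() {
    awk -v window="$WINDOW" '
        # Kernel line logged when a new USB device is enumerated.
        / kernel: usb [0-9.-]+: new .* USB device number / {
            last_attach = $1
            last_port = $5
            sub(/:$/, "", last_port)
            next
        }
        # Crash signatures: kernel segfault line, stack protector abort,
        # or systemd reporting the main process killed by SIGSEGV/SIGABRT.
        /ippusbxd/ && /segfault at|stack smashing detected|status=11\/SEGV|status=6\/ABRT/ {
            if (last_attach != "" && $1 - last_attach <= window)
                printf "SUSPECT %s crash %.0fs after attach on usb %s\n", \
                       $1, $1 - last_attach, last_port
            else
                printf "CRASH %s no recent USB attach\n", $1
        }
    '
}

# Constructed sample input (not real log data).
sample_log() {
    cat <<'EOF'
1725969601.100000 host1 kernel: usb 1-2: new high-speed USB device number 7 using xhci_hcd
1725969603.500000 host1 kernel: ippusbxd[2311]: segfault at 7ffc00000000 ip 0000000000401000 sp 00007ffc00000000 error 6 in ippusbxd[400000+1a000]
1725973200.000000 host1 systemd[1]: ippusbxd.service: Main process exited, code=killed, status=11/SEGV
EOF
}

# Demo on the sample; on a live host use:
#   journalctl -o short-unix --since today | correlate_crashes
sample_log | correlate_crashes
```

A SUSPECT line is a reason to check which device was attached on that port; a CRASH line without a recent attach is more likely an ordinary fault.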