A newly discovered vulnerability in the Ubuntu 22.04 printing subsystem, specifically within the “ippusbxd” package, has raised concerns about potential remote exploitation. The vulnerability was identified during an audit of the macOS printing subsystem, which shares a foundational codebase with the open-source CUPS package. Talos researchers investigated the issue, focusing on the IPP-USB protocol, which facilitates network printing over the Internet Printing Protocol (IPP) for USB-connected printers. Their investigation led them to the “ippusbxd” package, which handles the protocol in Ubuntu 22.04, where they identified a buffer overflow vulnerability within the get_format_paper function.
This flaw is triggered by improper use of the strncpy function in the code, where the length argument is derived from the source operand’s length rather than the destination buffer’s size.
This mistake allows an attacker to exploit the vulnerability by connecting a malicious printer that reports unusually large media sizes, which could cause a buffer overflow. As a result, the attacker could potentially execute arbitrary code with elevated privileges on a locked laptop running Ubuntu 22.04, exposing the system to significant risks. Researchers confirmed the issue with a proof-of-concept (PoC) exploit using a Raspberry Pi Zero emulating a malicious USB printer.
Despite the severity of the vulnerability, the exploitation was largely mitigated by modern compiler features like “FORTIFY_SOURCE.” This feature detected the potential overflow during the compilation process and replaced unsafe functions with safer alternatives, preventing code execution and limiting the impact of the attack to a system crash. The vulnerability was further contained by the fact that the “ippusbxd” package has been largely replaced in newer versions of Ubuntu by the more secure “ipp-usb” package, which is written in a memory-safe language, thus eliminating the risk of buffer overflows. This transition underscores the importance of modern development practices and compiler security features in reducing potential attack surfaces.
For users of Ubuntu 22.04 LTS, experts recommend ensuring that the newer “ipp-usb” package is installed and removing the vulnerable “ippusbxd” package if it is present. Additionally, users are encouraged to apply all system updates through sudo apt update && sudo apt upgrade and restart printing services to ensure they are running the most secure versions of the software. In addition to these software updates, physical security measures should be taken to restrict USB device access and prevent unauthorized hardware connections, which could be used to exploit vulnerabilities like this one.
