top | item 41663577

(no title)

Is there a recommended (best practice) way to nmap scan your network for vulnerable machines, just to be safe?

From Red Hat's statement: > Red Hat rates these issues with a severity impact of Important. While all versions of RHEL are affected, it is important to note that affected packages are not vulnerable in their default configuration.

Basically, Red Hat machines aren't vulnerable unless "the cups-browsed service has manually been enabled or started."

https://www.redhat.com/en/blog/red-hat-response-openprinting...

discuss

nobody9999|1 year ago

>Is there a recommended (best practice) way to nmap scan your network for vulnerable machines, just to be safe?

Perhaps something like this?

   nmap -sU -p 631 -P0 [network]/[mask]

Edit: Added [network]/[mask] for completeness.

moyix|1 year ago

nmap can't really tell the difference between an open or a firewalled UDP port. For this specific vuln you can send it a packet like:

echo "0 3 http://myserver:PORT/printers/foo" | nc -u target 631

And if the target is running CUPS on that port it will reach out to `myserver:PORT` and POST some data. The downside is you need to have a server running that can accept inbound requests to see if it connects back.

pushupentry1219|1 year ago

Corporate organisations make use of platforms like Nessus/Tenable to provide this continuous vuln scanning for compliance reasons.

Under the hood its basically running an nmap scan and spitting out a PDF report.