Printer Hacking for Fun and Profit

Published: 2006-08-25
Last Updated: 2006-08-25 18:06:43 UTC
by John Bambenek (Version: 1)
0 comment(s)
Nate Johnson and Sean Krulewitch of Indiana University discovered two vulnerabilities with the Fjui Xerox Printing System.  In the United States this effects Dell branded printers (specifically the color laser 3100 and 5100).  There are Japanese printers that are affected but I don't read Japanese and I'm not sure that information has gone public on the Japanese CERT lists (if someone sees it, let me know).  Apparently one of these Japanese printers doesn't release firmware updates and customers have to pay maintenance for a technician to come out and update the firmware.

FTP Bounce Attack (CVE-2006-2112):

If FTP printing is enabled (and reportedly is by default), a vulnerability exists in the FTP PORT command that lets malicious users establish connections to ports on another system.  This would allow anonymous scanning by a hacker for reconnaissance purposes.

HTTP authentication bypass (CVE-2006-2113):

If the printer allows for HTTP access to modify system settings, a vulnerability exists to bypass the administrator password and would allow a malicious user to gain complete control of the printer.  This would include loading new and potentially malicious firmware.  (Think a small linux distro with hacking tools and SSH access.)

Remediation:

First, if you aren't using FTP printing or HTTP-based printer management, those should be turned off anyway.  If you must run them, apply vendor patches which in the case of Dell, are already available.

--
John Bambenek
bambenek /at/ gmail /dot/ com
Keywords:
0 comment(s)

Comments


Diary Archives