sfx2000
Part of the Furniture
https://isc.sans.edu/diary/Multiple+vulnerabilities+discovered+in+popular+printer+models/22023
Researchers from University Alliance Ruhr have announced that they have discovered vulnerabilities in popular laser printers including models from HP, Lexmark, Dell, Brother, Konica and Samsung. The announced vulnerabilities have a range of effects, but could permit the contents of print jobs to be captured, permit delivery of buffer overflow exploits, password disclosure or even damage to the printer.
The vulnerabilities are in PostScript and Printer Job Language (PJL) and have been around for decades, exploiting limitations of the languages used by most printers. The vulnerabilities can definitely be exploited from the local network, but it is possible that a malicious website could also use cross-site scripting to exploit the vulnerabilities.
It is estimated that up to 60,000 currently deployed printers may be vulnerable.
More information on the research can be found at hacking-printers.net
The researchers have also developed and set of tools called the Printer Exploitation Toolkit (PRET) which can be used to launch the attacks against these vulnerabilities.
The vulnerability disclosures are:
PostScript printers vulnerable to print job capture
Various HP/OKI/Konica printers file/password disclosure via PostScript/PJL
HP printers restoring factory defaults through PML commands
Multiple vendors buffer overflow in LPD daemon and PJL interpreter
Brother printers vulnerable to memory access via PJL commands
Multiple vendors physical NVRAM damage via PJL commands
Researchers from University Alliance Ruhr have announced that they have discovered vulnerabilities in popular laser printers including models from HP, Lexmark, Dell, Brother, Konica and Samsung. The announced vulnerabilities have a range of effects, but could permit the contents of print jobs to be captured, permit delivery of buffer overflow exploits, password disclosure or even damage to the printer.
The vulnerabilities are in PostScript and Printer Job Language (PJL) and have been around for decades, exploiting limitations of the languages used by most printers. The vulnerabilities can definitely be exploited from the local network, but it is possible that a malicious website could also use cross-site scripting to exploit the vulnerabilities.
It is estimated that up to 60,000 currently deployed printers may be vulnerable.
More information on the research can be found at hacking-printers.net
The researchers have also developed and set of tools called the Printer Exploitation Toolkit (PRET) which can be used to launch the attacks against these vulnerabilities.
The vulnerability disclosures are:
PostScript printers vulnerable to print job capture
Various HP/OKI/Konica printers file/password disclosure via PostScript/PJL
HP printers restoring factory defaults through PML commands
Multiple vendors buffer overflow in LPD daemon and PJL interpreter
Brother printers vulnerable to memory access via PJL commands
Multiple vendors physical NVRAM damage via PJL commands
