Bugtraq mailing list archives
Possible Windows 9x Shared Printers Security Hole
From: webmaster () PRAETORIANS NET (Luis Martin-Santos)
Date: Sun, 15 Aug 1999 15:39:27 -0000
Hi to all the comunity! First of all , this is my first Post to the bugtraq , and wish it is not the last one. Let´s see the possible hole. I was running some Windows 95 OSR2.1 Machines on a local network when I decided to share the NEC Pinwriter printer in PC1. I Checked on "Allow other users to share my printers" and reseted to the changes took part. After all the process done , I tried to install the shared printer in the PC2 and , for my surprise , I found that the drivers from the Printer where DOWNLOADED from PC1 . This can allow a Print Server to execute Arbitrary Code on any machine. Since .DRV and .DLL are binary files with integrated Printer API Calls , malicious user has only to wrap the Print call in the DLL and insert his/her code instead of the original one . Note that no user restrictions are used on w9x , so that code could execute any kind of service or program . Even a Visual Basic DLL could exploit this vulnerability. Well , I have contributed with my part . Hope you all find either a way to install a printer remotely on W95/98 or a way to fix this problem :)) Bye webmaster () praetorians net
Current thread:
- QMS 2060 printer security hole, (continued)
- QMS 2060 printer security hole Frank Bures (Aug 18)
- DOS against SuSE's identd Hendrik Scholz (Aug 14)
- Re: DOS against SuSE's identd Danton Nunes (Aug 16)
- Re: DOS against SuSE's identd Volker Wiegand (Aug 17)
- Re: DOS against SuSE's identd Alan Brown (Aug 16)
- AOL Buffer Overflow??? Robert Graham (Aug 16)
- Re: DOS against SuSE's identd Seth R Arnold (Aug 17)
- Re: DOS against SuSE's identd Danton Nunes (Aug 16)
- Mandrake 6.0 .Xauthority Elmer Joandi (Aug 15)
- IE5 ACL protected pages viewable from cache by unauthorized user J.Kent Robinson (Aug 15)
- Re: IE5 ACL protected pages viewable from cache by unauthorized user David Schwartz (Aug 16)
- Possible Windows 9x Shared Printers Security Hole Luis Martin-Santos (Aug 15)
- Re-release: Microsoft Security Bulletin (MS99-029) Aleph One (Aug 16)
- Re: Possible Windows 9x Shared Printers Security Hole x-empt [ lvhc / lou ] (Aug 16)