Vulnerability Development mailing list archives
Re: HP LaserJet 4 Series Jet Direct (and others)
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Sun, 18 Jun 2000 21:31:19 -0700
Joel Michael wrote:
I would consider this a DOS, because, as you said, it can easily run out of toner/paper. Another potential problem is if someone pushes something offensive down to the printer, and just leaves it for the next person to pick up.
OK, I didn't mean to imply with my smart-ass answer that this isn't a problem... just that it's not the problem originally stated in the first post. (i.e. the problem, as stated by Joel, is that people can get to your printer AT ALL. It doesn't matter if they get there via netcat or Windows printer sharing.) I like the printing offensive things... that's a cute one. Along the lines of stuff I am curious about.... Postscript.. as it lives in printers... One attack I thught up years ago and did nothing with: Postscript printers (at least the Laser Writers) had a password feature. If no password was set, anyone could set one. Then the printer wouldn't accept any jobs without the password. You then couldn't take the password off without the password (or openeing the printer case...) I've seen lots of cool Postscript programming examples by that secret money-making tinaja quest... Don Lancaster? Anwyay, I'd been curious, and never followed up on whether or not the Postscript interpreter had access to the network stack. Would it be possible to write a Postscript worm that went looking for printers, propagated itself, and set passwords? As to other printer fun. Joel mentioned FTP built into the Kyocera printers. Who wants to be that it would be vulnerable to the FTP bounce attack? BB
Current thread:
- Re: Firewalls and stuff (Was about N2H2), (continued)
- Re: Firewalls and stuff (Was about N2H2) Mark (Jun 17)
- Re: Firewalls and stuff (Was about N2H2) Crispin Cowan (Jun 17)
- (no subject) Bluefish (Jun 18)
- Re: N2H2 Web Proxy/Filter appliance Eric Wanner (Jun 17)
- Re: N2H2 Web Proxy/Filter appliance Crispin Cowan (Jun 17)
- Re: N2H2 Web Proxy/Filter appliance Blue Boar (Jun 17)
- Re: N2H2 Web Proxy/Filter appliance Bluefish (Jun 18)
- HP LaserJet 4 Series Jet Direct Ryan Yagatich (Jun 18)
- Re: HP LaserJet 4 Series Jet Direct Blue Boar (Jun 18)
- Re: HP LaserJet 4 Series Jet Direct (and others) Joel Michael (Jun 18)
- Re: HP LaserJet 4 Series Jet Direct (and others) Blue Boar (Jun 18)
- Re: HP LaserJet 4 Series Jet Direct Steven Duckworth (Jun 19)
- omni backup program Antonomasia (Jun 19)
- Re: HP LaserJet 4 Series Jet Direct Felix von Leitner (Jun 21)
- [Fwd: Exploit code for PalmOS] Blue Boar (Jun 17)
- Re: N2H2 Web Proxy/Filter appliance Max Vision (Jun 18)