Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ?????: Security of PCL and PostScript

From: "Bourque Daniel" <Daniel.Bourque () loto-quebec com>
Date: Wed, 14 May 2008 17:56:01 -0400

Yes, more then 15 years ago, somebody distribute a postscript file that disable all printer, locking them up with a 
permanent password

No reboot would work..

Apple had to release a postcript file that unlock the printer...

Daniel Bourque
Loto-Québec
via Blackberry


----- Message d'origine -----
De : securityfocus2 () googlegroups com <securityfocus2 () googlegroups com>
À : Paul Johnston <paj () pajhome org uk>
Cc : security-basics () securityfocus com <security-basics () securityfocus com>
Envoyé : Wed May 14 09:55:07 2008
Objet : Ответ: Security of PCL and PostScript


Hi.


From my experience, there were cases where printer or print server has

hanged with a complex
document, and there fore need to be restarted. Perhaps, theoretically
you can exploit this not only for DOS. However I do not have
information about public exploits.


2008/5/13, Paul Johnston <paj () pajhome org uk>:

Hi,

I've been told a few times PCL and PostScript are fully functional
stack-based languages. Had anyone successfully compromised a printer, by
submitting a job that contains malicious PCl or PostScript? I'd be
particularly interested to know if this is an inherent weakness with the
languages, or a specific vulnerability that has existed in some versions of
printer firmware, but been patched since.

Regards,

Paul





-- 
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com

Mise en garde concernant la confidentialité : Le présent message, comprenant tout fichier qui y est joint, est envoyé à 
l’intention exclusive de son destinataire; il est de nature confidentielle et peut constituer une information protégée 
par le secret professionnel. Si vous n’êtes pas le destinataire, nous vous avisons que toute impression, copie, 
distribution ou autre utilisation de ce message est strictement interdit. Si vous avez reçu ce courriel par erreur, 
veuillez en aviser immédiatement l’expéditeur par retour de courriel et le supprimer. Merci! 

Confidentiality Warning: This message, including any attachment, is sent only for the use of the intended recipient; it 
is confidential and may constitute privileged information. If you are not the intended recipient, you are hereby 
notified that any printing, copying, distribution or other use of this message is strictly prohibited. If you have 
received this email in error, please notify the sender immediately by return email, and delete it. Thank you!
Previous By Date Next
Previous By Thread Next

Current thread: