Security Basics mailing list archives
Re: ?????: Security of PCL and PostScript
From: "Bourque Daniel" <Daniel.Bourque () loto-quebec com>
Date: Wed, 14 May 2008 17:56:01 -0400
Yes, more then 15 years ago, somebody distribute a postscript file that disable all printer, locking them up with a permanent password No reboot would work.. Apple had to release a postcript file that unlock the printer... Daniel Bourque Loto-Québec via Blackberry ----- Message d'origine ----- De : securityfocus2 () googlegroups com <securityfocus2 () googlegroups com> À : Paul Johnston <paj () pajhome org uk> Cc : security-basics () securityfocus com <security-basics () securityfocus com> Envoyé : Wed May 14 09:55:07 2008 Objet : Ответ: Security of PCL and PostScript Hi.
From my experience, there were cases where printer or print server has
hanged with a complex document, and there fore need to be restarted. Perhaps, theoretically you can exploit this not only for DOS. However I do not have information about public exploits. 2008/5/13, Paul Johnston <paj () pajhome org uk>:
Hi, I've been told a few times PCL and PostScript are fully functional stack-based languages. Had anyone successfully compromised a printer, by submitting a job that contains malicious PCl or PostScript? I'd be particularly interested to know if this is an inherent weakness with the languages, or a specific vulnerability that has existed in some versions of printer firmware, but been patched since. Regards, Paul
-- Best regards. Gleb Pakharenko. http://gpaharenko.livejournal.com Mise en garde concernant la confidentialité : Le présent message, comprenant tout fichier qui y est joint, est envoyé à l’intention exclusive de son destinataire; il est de nature confidentielle et peut constituer une information protégée par le secret professionnel. Si vous n’êtes pas le destinataire, nous vous avisons que toute impression, copie, distribution ou autre utilisation de ce message est strictement interdit. Si vous avez reçu ce courriel par erreur, veuillez en aviser immédiatement l’expéditeur par retour de courriel et le supprimer. Merci! Confidentiality Warning: This message, including any attachment, is sent only for the use of the intended recipient; it is confidential and may constitute privileged information. If you are not the intended recipient, you are hereby notified that any printing, copying, distribution or other use of this message is strictly prohibited. If you have received this email in error, please notify the sender immediately by return email, and delete it. Thank you!
Current thread:
- Re: ?????: Security of PCL and PostScript Bourque Daniel (May 14)