Full Disclosure mailing list archives
Re: Re: vulnerabilities of postscript printers
From: Valdis.Kletnieks () vt edu
Date: Fri, 23 Jan 2004 20:46:04 -0500
On Sat, 24 Jan 2004 00:11:50 +0100, Michael Zimmermann said:
Security critical networks should not share printers with insecure nets - no physical connection should be there. And a PostScript printer is a possible "tunnel" and can even be "owned" - depending on it's hardware + software situation.
For that matter, if the printer has a disk, and a "printout" from the insecure net can get the system password, is it able to scavenge data from old jobs off the disk? Most modern multi-user operating systems manage to do this correctly, but there's still the occasional screw-up (how many times have we seen "Program XYZ embeds random data in files" exposures?)
Attachment:
_bin
Description:
Current thread:
- Re: vulnerabilities of postscript printers Michael Zimmermann (Jan 23)
- Re: Re: vulnerabilities of postscript printers Valdis . Kletnieks (Jan 23)
- Re: Re: vulnerabilities of postscript printers Ka (Jan 23)
- RE: Re: vulnerabilities of postscript printers Chris DeVoney (Jan 25)
- Re: Re: vulnerabilities of postscript printers Ka (Jan 23)
- Re: Re: vulnerabilities of postscript printers Darren Reed (Jan 23)
- Re: Re: vulnerabilities of postscript printers Michael Zimmermann (Jan 26)
- <Possible follow-ups>
- Re: vulnerabilities of postscript printers Michael Zimmermann (Jan 24)
- Re: vulnerabilities of postscript printers der Mouse (Jan 24)
- Re: Re: vulnerabilities of postscript printers Valdis . Kletnieks (Jan 23)