[Intrusions] Does anyone know of references for printer exploits?
Jon Hart
warchild at spoofed.org
Wed Feb 9 17:09:04 GMT 2005
On Mon, Feb 07, 2005 at 07:51:48AM -0000, PPowenski at oag.com wrote:
> You really need to investigate what is on the printers.
> Some printers have Solaris loaded onto them for handling extensive
> fonts, postscript processing, and queuing large print jobs. I have
> worked with Tektronix printers set up like this. You can log on to the
> printer's OS and make changes. If the OS has no hardening or patches
> then this is the source of the ISS alerts.
In addition to the fact that the printer may actually be running
Solaris under the hood, PJL itself and many of the other services and
protocols used on many HP or JetDirect printers are fairly ripe for the
picking.
Among the particularly interesting PJL commands are:
INITIALIZE
INQUIRE/DINQUIRE
INFO
RDYMSG
OPMSG
STMSG
FSAPPEND
FSDELETE
FSDIRLIST
FSDOWNLOAD
FSINIT
FSMKDIR
FSQUERY
FSUPLOAD
Also, see FX's documents on this:
http://www.phenoelit.de/stuff/HP_Web_Jetadmin_advisory.txt
http://www.phenoelit.de/hp/
-jon
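
For defenders, an added example that is not part of the original message: a small scanner that flags the PJL commands listed above when they appear in a captured raw print-stream payload, so a file-system or display command stands out from ordinary job framing. The function names, the category grouping and the sample payloads are constructed for illustration.

```python
import re

UEL = b"\x1b%-12345X"  # Universal Exit Language sequence that frames PJL
# Commands named in the message, grouped by what a reviewer would triage first.
CATEGORIES = {
    "fs-modify": {"FSAPPEND", "FSDELETE", "FSDOWNLOAD", "FSINIT", "FSMKDIR"},
    "fs-read": {"FSDIRLIST", "FSQUERY", "FSUPLOAD"},
    "display": {"RDYMSG", "OPMSG", "STMSG"},
    "device": {"INITIALIZE", "INQUIRE", "DINQUIRE", "INFO"},
}
PJL_LINE = re.compile(rb"^\s*@PJL[ \t]+([A-Za-z]+)[ \t]*(.*)$")
NAME_ARG = re.compile(rb'NAME\s*=\s*"([^"]*)"', re.I)


def classify(command):
    """Map an upper-cased PJL command to its category, or None if unlisted."""
    for category, names in CATEGORIES.items():
        if command in names:
            return category
    return None


def scan_payload(payload):
    """Return (category, command, target) for each listed PJL command found."""
    findings = []
    for raw in payload.replace(UEL, b"\n").splitlines():
        m = PJL_LINE.match(raw)
        if not m:
            continue  # page data or another printer language
        command = m.group(1).decode("ascii").upper()
        category = classify(command)
        if category is None:
            continue  # e.g. JOB, SET, ENTER: normal print-job framing
        name = NAME_ARG.search(m.group(2))
        target = name.group(1).decode("latin-1") if name else None
        findings.append((category, command, target))
    return findings


# Constructed, simplified sample payloads (not captured traffic).
NORMAL_JOB = (UEL + b"@PJL JOB NAME=\"report\"\r\n@PJL SET COPIES=1\r\n"
              b"@PJL ENTER LANGUAGE=PCL\r\n...page data...\r\n" + UEL)
FS_SESSION = (UEL + b"@PJL INFO ID\r\n"
              b"@PJL FSDIRLIST NAME=\"0:\\\"\r\n"
              b"@PJL fsdelete NAME=\"0:\\example.txt\"\r\n" + UEL)

if __name__ == "__main__":
    for label, data in (("normal job", NORMAL_JOB), ("fs session", FS_SESSION)):
        print(label, scan_payload(data))
```

An ordinary print job yields no findings, so any `fs-modify` or `fs-read` hit on the raw printing port is worth a look.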