[Intrusions] Does anyone know of references for printer exploits?

Hensinger Aaron D Contr MCOM aaron.hensinger at schriever.af.mil
Fri Feb 11 19:26:22 GMT 2005 

Most of the printers are older HP's which are running on the HP version
of UNIX. The majorities of these do not have any advanced features and
therefore are very limited in the disk space contained within. We do
have boundary protection in place, so am not necessarily concerned with
the outsider threat but more from an insider perspective. So far I have
been pretty unsuccessful at gaining much of anything from them as they
are now with the limited disk space.

Thanks for your insight and responses.

Aaron

-----Original Message-----
From: intrusions-bounces at lists.sans.org
[mailto:intrusions-bounces at lists.sans.org] On Behalf Of Sean Rooney
Sent: Sunday, February 06, 2005 9:27 PM
To: Intrusions List (GCIA Practicals)
Subject: Re: [Intrusions] Does anyone know of references for printer
exploits?

theres all sorts of network attached printers that run all sorts of 
embedded OS's... question; are these NFS mount sightings based on 
simply cross referencing open ports to a list of associated services?  
are you verifying these findings by for example trying to mount these 
nfs points??  some might be false positives.

what types of printers are exhibiting this behaviour??

if you dont mind my asking.

I have seen reference docs on bugtraq over the years that talk about 
some models of HP, QMS and Agfa network attached printers and RIP 
subsystems.

Cheers
-s

On 3-Feb-05, at 11:43 AM, Hensinger Aaron D Contr MCOM wrote:

> A recent ISS security scan showed numerous printers as having NFS 
> mounts
> available on them. They are rated as a HIGH risk, but reference
servers
> in their remarks for corrective action. I was curious if anyone knew
if
> this was indeed a HIGH risk in regards to printers and if so does 
> anyone
> have a link they could share about any exploits that may take
advantage
> of this?
>
>
>
> Thanks,
>
> Aaron

-------------------------------------------------------------
Sean Rooney, CTO
ColdStream Associates Ltd.
PGP fingerprint:
C32C 88A0 86A8 2BBE 2911  D855 1CE1 1679 6B52 405C
"Illos laetae devorunt, qui nos subicient."

TigerTeaming Whitepaper:
http://www.coldstream.ca/resources/tigerteams.pdf

Ask about our spring special for packaged ISO17799  IT-Security Audits

_______________________________________________
Intrusions mailing list
Intrusions at lists.sans.org
http://www.dshield.org/mailman/listinfo/intrusions

More information about the Intrusions mailing list