[Dshield] Known instances of malware using printers as an attack vector?

TheGesus thegesus at gmail.com
Wed Feb 28 16:06:52 GMT 2007


This ftp printer attack sounds interesting....

http://seclists.org/bugtraq/2006/Dec/0312.html

According to the author it can make certain HP printers unusable.  As
in DEAD.  Not even a power cycle revives them.  I never heard a
followup on that one.

If you have a Big Ass Xerox Printer printing your payroll/bills/etc,
chances are it has a Sun box attached to it that has never seen a
security patch.

nmap can often use a printer for an Idlescan...

http://insecure.org/nmap/idlescan.html

Although it doesn't involve printers directly, there was also lately
an HP print driver that offers near-instant privilege escalation to
SYSTEM...

http://secway.org/advisory/AD20070108.txt

We found it on over 170 workstations and 20 servers (in a 4000 user
environment).

On 2/27/07, ed.truitt at etee2k.net <ed.truitt at etee2k.net> wrote:
> I have been asked to look into whether our network printers present a
> level of risk to the network that is higher than has been the case in
> previous years.  In order to answer that question, I was wondering if
> anyone has solid evidence of the following:
>
> * Malware (of whatever type) that actually attacks printers, or uses a
> vulnerability found on a network printer to propogate
>
> * An increase in vendor disclosures of vulnerabilities in their
> printing products, and specifically an increase in the number of
> security fixes (patches) issued for printer-related vulnerabilities
>
> TIA for any assistance you can provide.
>
> ~Ed T.
> _________________________________________
>
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
>


More information about the list mailing list