Network printers could compromise security

News

Network printers could compromise security

Attackers could be using your printer networks to launch denial-of-service attacks, according to US researchers.

The CERT Coordination Centre, a research and development centre funded by the US government, warned that multiple vulnerabilities exist in several implementations of the line printer systems software. These holes could allow intruders to gain root privileges and launch denial-of-service attacks through IBM AIX, FreeBSD, netBSD and openBSD line printers, and Hewlett-Packard's HP-UX line printers.

CERT said some of the problems had already been publicised, but added: "We believe many systems and network administrators may have overlooked one or more of these vulnerabilities."

In an advisory statement, CERT said: "We are issuing this document primarily to encourage systems and network administrators to check their systems for exposure to each of these vulnerabilities, even if they have addressed some vulnerabilities recently."

The problems relate to buffer overflow issues that allow remote users to gain root access to servers, the statement said.

An intruder can send a specially crafted print job to the target and then request a display of the print queue to trigger the buffer overflow. The intruder may be able use this overflow to execute arbitrary commands on the system with so-called super-user privileges.

Patches exist for some of the holes, and individual vendors should be contacted. A more detailed explanation of these problems can be found on CERT's advisory page.

More information
CERT: www.cert.org

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy