Network printers could compromise security



Attackers could be using your printer networks to launch denial-of-service attacks, according to US researchers.

The CERT Coordination Centre, a research and development centre funded by the US government, warned that multiple vulnerabilities exist in several implementations of the line printer systems software. These holes could allow intruders to gain root privileges and launch denial-of-service attacks through IBM AIX, FreeBSD, NetBSD and OpenBSD line printers, and Hewlett-Packard's HP-UX line printers.

CERT said some of the problems had already been publicised, but added: "We believe many systems and network administrators may have overlooked one or more of these vulnerabilities."

In an advisory statement, CERT said: "We are issuing this document primarily to encourage systems and network administrators to check their systems for exposure to each of these vulnerabilities, even if they have addressed some vulnerabilities recently."

The problems relate to buffer overflow issues that allow remote users to gain root access to servers, the statement said.

An intruder can send a specially crafted print job to the target and then request a display of the print queue to trigger the buffer overflow. The intruder may be able to use this overflow to execute arbitrary commands on the system with so-called super-user privileges.

Patches exist for some of the holes, and individual vendors should be contacted. A more detailed explanation of these problems can be found on CERT's advisory page.
