Re: RES: SNMP vulnerability test?

From: Kurt Seifried (btat_private)
Date: Mon Oct 14 2002 - 22:56:19 PDT


    > Everything I have read concerning SNMP vulnerabilities and printers refers
    > to the Community Name and the fact that most vendors have no method for
    > allowing Administrators to change those strings. Is it possible for an
    > attacker to use default community names of printers to gain access to
    > other parts of the enterprise? Some of the data I have read state that
    
    Sure. Some printers like the newer HP ones are essentially an X86 box with
    lots of memory/hd running linux/apache/samba/LPD/etc/etc. If an attacker
    gets in there they can install tools and launch pretty much any attack they
    want, or tunnel network traffic, or whatever. Or simply make a copy of all
    print jobs and send them "home" for bedtime reading (thus bypassing all your
    fancy security).
    
    > attacking the printer mib using the community string for the printer will
    > only allow attackers to joy ride around the print server and printers.
    
    That would be great if all the printers did was print. Alas they also do
    networking, SNMP, LPD, see above for the full blown OS comments.
    
    > Then other data state that the printers community string will allow
    > attackers to obtain the http passwords and other network access password.
    > 99% of those devices listed were just HP printers and did not state that
    > these printers had the ability to network scan, scan to email, or scan to
    > desktop. This brings another caveat into the mix in that these systems use
    > http, smtp and other ports. Has anyone seen, heard or have any data on
    > vulnerabilities with these systems?
    
    Some of them run a pretty complete linux system. When's the last time you
    installed an Apache/Samba/LPD update on your spiffy HP printer? I'm going to
    bet on "never".
    
    > John Beuke
    
    Kurt Seifried, kurtat_private
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://seifried.org/security/
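
Added example, not part of the original post or thread: a passive check a defender can run over captured UDP/161 payloads to see which hosts on their own network still speak SNMPv1/v2c with a default community string. The default values `public` and `private`, the addresses, and all function names are assumptions made for illustration, and the sample payloads are constructed.

```python
DEFAULT_COMMUNITIES = {b"public", b"private"}  # assumption: common factory defaults

def read_tlv(buf, pos):
    """Decode one BER tag/length/value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long-form: low 7 bits = length octets
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def snmp_community(payload):
    """Return (version, community) for an SNMPv1/v2c message, else None."""
    try:
        tag, body, _ = read_tlv(payload, 0)        # outer SEQUENCE
        vtag, ver, pos = read_tlv(body, 0)         # version INTEGER (0=v1, 1=v2c)
        ctag, community, _ = read_tlv(body, pos)   # community OCTET STRING
    except ValueError:
        return None
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04) or ver not in (b"\x00", b"\x01"):
        return None
    return ver[0], community

def flag_defaults(packets):
    """packets: iterable of (src, dst, udp_payload). Return default-community hits."""
    hits = []
    for src, dst, payload in packets:
        parsed = snmp_community(payload)
        if parsed and parsed[1].lower() in DEFAULT_COMMUNITIES:
            hits.append((src, dst, parsed[1].decode("ascii", "replace")))
    return hits

def tlv(tag, value):
    """Helper used only to build the constructed samples below (short lengths)."""
    return bytes([tag, len(value)]) + value

# Constructed samples (empty PDU bodies, documentation addresses), not real captures.
SAMPLE = [
    ("192.0.2.10", "192.0.2.50", tlv(0x30, tlv(2, b"\x00") + tlv(4, b"public") + tlv(0xA0, b""))),
    ("192.0.2.11", "192.0.2.50", tlv(0x30, tlv(2, b"\x01") + tlv(4, b"n0c-ro-7f") + tlv(0xA0, b""))),
    ("192.0.2.12", "192.0.2.50", b"\x16\x03\x01\x00\x05hello"),  # not SNMP
]
```

Feed it the UDP payloads of port 161 traffic exported from a capture; any hit naming a printer as destination is a device still accepting or being queried with a factory community string.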
    
    
    



    This archive was generated by hypermail 2b30 : Tue Oct 15 2002 - 10:36:47 PDT