Bugtraq mailing list archives
QMS 2060 printer security hole
From: lisfrank () CHEM TORONTO EDU (Frank Bures)
Date: Wed, 18 Aug 1999 10:02:13 -0400
I am in contact with the QMS customer support and they assured me they will work on the solution to the problem. In the meantime, though, I think it is important to let everyone know about this possible security hole. There's a gapping security hole in QMS-2060 network printer that enables a root access to the printer WITHOUT password protection: According to the printer manual, one has to install file passwd.ftp in the printer in order to establish eligible users and their passwords. After the file has been installed, all the users mentioned in the file HAVE to provide their passwords to log on the printer EXCEPT root, even if root and his password are explicitly mentioned in the file. It means that ANYONE can log on the printer as root, rewrite the passwd.ftp file with an arbitrary file and disable an access to the printer to anyone else. This person can also change the file hosts, that list machines, which are allowed to connect to the printer. So, anyone can rewrite passwd.ftp file and hosts file, print out hundreds of pages directly from his own machine without being registered by the lp accounting system on the server and then put the original files back to cover his tracks. I will post here the solution from QMS as soon as it is found. Frank Bures, Dept. of Chemistry, University of Toronto, M5S 3H6 fbures () chem toronto edu http://frank.chem.utoronto.ca/electronics
Current thread:
- Possible Denial Of Service using DNS Carlos Veira (Aug 10)
- Re: Possible Denial Of Service using DNS marka () ISC ORG (Aug 10)
- Re: Possible Denial Of Service using DNS David Schwartz (Aug 10)
- QMS 2060 printer security hole Frank Bures (Aug 18)
- DOS against SuSE's identd Hendrik Scholz (Aug 14)
- Re: DOS against SuSE's identd Danton Nunes (Aug 16)
- Re: DOS against SuSE's identd Volker Wiegand (Aug 17)
- Re: DOS against SuSE's identd Alan Brown (Aug 16)
- AOL Buffer Overflow??? Robert Graham (Aug 16)
- Re: DOS against SuSE's identd Seth R Arnold (Aug 17)
- Re: DOS against SuSE's identd Danton Nunes (Aug 16)
- Mandrake 6.0 .Xauthority Elmer Joandi (Aug 15)
- IE5 ACL protected pages viewable from cache by unauthorized user J.Kent Robinson (Aug 15)
- Re: IE5 ACL protected pages viewable from cache by unauthorized user David Schwartz (Aug 16)
- Possible Windows 9x Shared Printers Security Hole Luis Martin-Santos (Aug 15)
(Thread continues...)