Bugtraq mailing list archives

Commercial stack fragility (Was RE: Cert Advisory 2002-03 and HP JetDirect)


From: "Brewis, Mark" <mark.brewis () eds com>
Date: Wed, 27 Feb 2002 13:50:22 -0000

-----Original Message-----
From: Joshua Newton [mailto:babyswan () comcast net]
Sent: Wednesday, February 20, 2002 12:42 AM
To: bugtraq () securityfocus com
Subject: Re: Cert Advisory 2002-03 and HP JetDirect


In fact, while I'm at it, most every embedded IP stack I've ever seen has
been at least this fragile, if not more so -- I've seen Intermec OpenAir access
points, Ricoh network print cards, and Powerware UPS SNMP boxes all
exhibit the same kind of awful -- and inexcusable -- fragility.<<

 
Quite often these are commercial, off the peg TCP/IP stacks.  I have seen
some dreadful examples, both in terms of fragility and of TCP sequence
number generation.  I've seen sequential, sequential based on standard
increments, and repeating sequences.

Commercial stacks are often found on network peripherals, and on printers in
particular.  The danger lies in the fact that these devices are seen as
'only' printers etc, when they are actually complex devices able to support
web and ftp servers, with processors and (sometimes significant) memory and
storage capabilities.  They are just another host on the network, with lots
of functionality and little or no security.

Compromise a network via the printers and you will have a network manager's
attention.  The only problem lies in the paucity of solutions available to
correct the issue.

I'm working with one manufacturer to improve their product line, but
manufacturers in general have a long way to go.

Mark Brewis

Security Consultant
EDS
Information Assurance Group
Wavendon Tower
Milton Keynes
Buckinghamshire
MK17 8LX.

Tel:    +44 (0)1908 28 4234/4013
Fax:    +44 (0)1908 28 4393
E@:     mark.brewis () eds com
        mail () check-security demon co uk
PGP Key ID:
C36D 770F 49F7 CC91 2E5A  A2BE FE6E CD43 E6CD 9184
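
[Added example, not part of the original message or written by its author.] The three sequence-number patterns named in the reply above (sequential, fixed increments, repeating) can be checked for in an audit by classifying initial sequence numbers recorded from a device you administer. The function names and sample values below are constructed for illustration.

```python
"""Classify TCP initial sequence numbers (ISNs) sampled from one device under audit."""

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def deltas(isns):
    """Differences between consecutive ISNs, modulo 2**32 so a wrap is not a jump."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def shortest_period(values):
    """Smallest p where the samples repeat every p values (two full cycles seen), else None."""
    for p in range(1, len(values) // 2 + 1):
        if all(values[i] == values[i - p] for i in range(p, len(values))):
            return p
    return None


def classify(isns):
    """Return (label, parameter) for ISNs listed in the order they were observed."""
    if len(isns) < 4:
        raise ValueError("need at least 4 samples to say anything")
    d = deltas(isns)
    if all(x == 1 for x in d):
        return ("sequential", 1)
    if len(set(d)) == 1 and d[0] != 0:
        return ("fixed-increment", d[0])
    period = shortest_period(isns)
    if period is not None:
        return ("repeating", period)
    # Absence of these three patterns is not evidence of good randomness.
    return ("no-simple-pattern", None)


# Constructed sample data, not captured from any real device.
SAMPLES = {
    "sequential": [7, 8, 9, 10, 11],
    "fixed step across a wrap": [(0xFFFF0000 + 64000 * k) % MOD for k in range(6)],
    "repeating cycle": [100, 5000, 90000, 100, 5000, 90000, 100, 5000],
    "unstructured": [0x1A2B3C4D, 0x9F8E7D6C, 0x00112233, 0xDEADBEEF,
                     0x31415926, 0x27182818, 0x0BADF00D, 0x5CA1AB1E],
}

if __name__ == "__main__":
    for name, isns in SAMPLES.items():
        print(f"{name}: {classify(isns)}")
```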

