Bugtraq mailing list archives
Re: Unsecure Ftpd on HP PSC 2510 Printer
From: Lawrence MacIntyre <macintyrelp () ornl gov>
Date: Fri, 12 Nov 2004 10:51:06 -0500
Hmmm... The description in the original message (contained below) states that it has a write-only directory. I see the problem if you remove the write-only part;-) On Fri, 2004-11-12 at 10:47 -0500, KF_lists wrote:
Excuse me... Hijetter.exe uses port 9100 to dump files off... however you CAN retrieve them via port 21 AFTER dumping them off via port 9100. -KF Lawrence MacIntyre wrote:A write-only ftp server doesn't seem like a good place to do that since you can't get them back out... (nice try, though...) KF_lists wrote:Nothing like someone using the memory on your printer to stash a few files... http://www.phenoelit.de/hp/docu.html -KF Lawrence MacIntyre wrote:So why is this insecure? Why is this different from port 631 (ipp) or port 515 (lpd)? It's a printer. You give it a file, it prints it. The port or protocol it uses is immaterial... On Wed, 2004-11-10 at 15:26 -0600, Justin Rush wrote:Product Name: HP PSC 2510 Summary: Ftp print service is not configurable This printer comes with an ftp daemon which allows anonymous access, and drops the user into a write only directory. By default anyone from anywhere can drop a file into this directory and the printer will print the document. There is no documentation about this feature, nor is there anyway to change (enable/disable) it via any of their software or on the printer itself. HP Tech. support says that if you don't want this feature then you should hook up the printer as a local printer, however this printer comes with both wireless and wired connectors on the back. Justin Rush jrush () scout wisc edu
--
Lawrence MacIntyre 865.574.8696 macintyrelp () ornl gov
Oak Ridge National Laboratory
High Performance Information Infrastructure Technology Group
AKO: lawrence.macintyre () us army mil
SIPRNet: macintyrelp () ornl doe sgov gov
Current thread:
- Unsecure Ftpd on HP PSC 2510 Printer Justin Rush (Nov 10)
- Re: Unsecure Ftpd on HP PSC 2510 Printer Lawrence MacIntyre (Nov 12)
- Re: Unsecure Ftpd on HP PSC 2510 Printer KF_lists (Nov 12)
- Re: Unsecure Ftpd on HP PSC 2510 Printer Lawrence MacIntyre (Nov 12)
- Re: Unsecure Ftpd on HP PSC 2510 Printer KF_lists (Nov 12)
- Re: Unsecure Ftpd on HP PSC 2510 Printer Lawrence MacIntyre (Nov 12)
- Re: Unsecure Ftpd on HP PSC 2510 Printer KF_lists (Nov 12)
- Re: Unsecure Ftpd on HP PSC 2510 Printer Lawrence MacIntyre (Nov 12)