Security Incidents mailing list archives

Re: RES: SNMP vulnerability test?


From: "Kurt Seifried" <bt () seifried org>
Date: Mon, 14 Oct 2002 22:56:19 -0700

> Everything I have read concerning SNMP vulnerabilities and printers refers
> to the Community Name and the fact that most vendors have no method for
> allowing Administrators to change those strings. Is it possible for an
> attacker to use default community names of printers to gain access to
> other parts of the enterprise? Some of the data I have read state that

Sure. Some printers like the newer HP ones are essentially an X86 box with
lots of memory/hd running Linux/apache/samba/LPD/etc/etc. If an attacker
gets in there they can install tools and launch pretty much any attack they
want, or tunnel network traffic, or whatever. Or simply make a copy of all
print jobs and send them "home" for bedtime reading (thus bypassing all your
fancy security).

> attacking the printer mib using the community string for the printer will
> only allow attackers to joy ride around the print server and printers.

That would be great if all the printers did was print. Alas they also do
networking, SNMP, LPD, see above for the full blown OS comments.

> Then other data state that the printers community string will allow
> attackers to obtain the http passwords and other network access passwords.
> 99% of those devices listed were just HP printers and did not state that
> these printers had the ability to network scan, scan to email, or scan to
> desktop. This brings another caveat into the mix in that these systems use
> http, smtp and other ports. Has anyone seen, heard or have any data on
> vulnerabilities with these systems?

Some of them run a pretty complete Linux system. When's the last time you
installed an Apache/Samba/LPD update on your spiffy HP printer? I'm going to
bet on "never".

> John Beuke

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

