HP ISSUES PRINTER SECURITY ALERT !

  • ink-direct-banner-902-x-177-v-1-2-big-banner-03-23-2017
  • 05 02 2016 429716a-cig-clearchoice-banner-902x177
  • cartridgewebsite-com-big-banner-02-09-07-2016
  • 161213_banner_futorag_902x177px
  • 2toner1-2
  • 536716a_green_sweep_web_banner_902x17712
  • futor_902x177v7-tonernew
  • Print
  • 4toner4
  • banner-01-26-17b
  • mse-big-banner-new-03-17-2016-416716a-tonernews-web-banner-mse-212
Share

HP ISSUES PRINTER SECURITY ALERT !

 user 2006-04-11 at 9:43:00 am Views: 46
  • #15078

    Hewlett-Packard Issues Printer Security Alert
    Apr
    06Hewlett-Packard has noted that a vulnerability in the software that
    ships with two of its printers could open a Windows PC to attack. The
    security flaws, reported by HP and security firm Secunia, was
    discovered by Richard Horsman of Sec-1.com.

    Horsman
    discovered that a vulnerability exists in the Toolbox software that
    comes with HP’s Color LaserJet 2500 and 4600 printers. If exploited,
    the flaw could allow an unauthorized user to pull files from a Windows
    machine running on the same network as one of the printers.
    The flaw is exploitable only if the software is running in its default configuration, HP noted in its security alert.
    Broken Toolbox
    Like
    similar programs from other printer vendors, HP’s Toolbox software
    installs automatically onto a PC, along with necessary print drivers.
    The program is designed to give users print-status information, such as
    where their documents are in a queue, as well as troubleshooting data
    The
    flaw is caused by an input-validation error in the server that is part
    of the software, according to Secunia’s alert. This can be exploited to
    “disclose the contents of arbitrary files via directory traversal
    attacks,” the firm noted.
    Although the vulnerability would allow
    unauthorized attackers to enter a system and possibly gain
    administrative-level control over the computer, Secunia rates the issue
    as “less critical.”
    HP already has issued a patch, which is
    available on the company’s Web site. In a statement, HP noted that it
    will be broadly distributing the security bulletin because it feels the
    issue warrants a widespread alert.
    Net Work
    Although the HP
    software flaw is specific to a limited amount of printers, enterprises
    need to be cautious about printers in general, said Secunia chief
    technology officer Thomas Kristensen.
    Often, I.T. locks down other
    parts of the network but fails to recognize printers as a viable risk,
    yet hackers are well aware that they can sneak into a system through
    such an unprotected avenue.
    “Since printers are connected to the
    network, they can be vulnerable,” said Kristensen. “Attackers might use
    a printer connection to get to other parts of a system, and sometimes
    it’s very easy to get into a company that way.”
    Secunia recommends that enterprises put added protection in place for printers, and limit or supervise user access.