Hewlett-Packard Issues Printer Security Alert
Apr 06
Hewlett-Packard has noted that a vulnerability in the software that ships with two of its printers could open a Windows PC to attack. The security flaw, reported by HP and security firm Secunia, was discovered by Richard Horsman of Sec-1.com.
Horsman discovered that a vulnerability exists in the Toolbox software that comes with HP’s Color LaserJet 2500 and 4600 printers. If exploited, the flaw could allow an unauthorized user to pull files from a Windows machine running on the same network as one of the printers.
The flaw is exploitable only if the software is running in its default configuration, HP noted in its security alert.
Broken Toolbox
Like similar programs from other printer vendors, HP’s Toolbox software installs automatically onto a PC, along with necessary print drivers. The program is designed to give users print-status information, such as where their documents are in a queue, as well as troubleshooting data.
The flaw is caused by an input-validation error in the server that is part of the software, according to Secunia’s alert. This can be exploited to “disclose the contents of arbitrary files via directory traversal attacks,” the firm noted.
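
The kind of input validation whose absence leads to directory traversal in a file-serving component on Windows, as an added example (not HP's code and not part of the original article). The document root `C:\toolbox\www`, the function name and the sample request paths are assumptions made for illustration.

```python
import ntpath
from urllib.parse import unquote

# Hypothetical document root for a local status server (assumption, not HP's layout).
DOC_ROOT = r"C:\toolbox\www"


def resolve_request_path(url_path, doc_root=DOC_ROOT):
    """Return the file path to serve for url_path, or None if it must be refused."""
    decoded = unquote(url_path)  # decode exactly once, before any checks
    # Refuse NUL bytes, leftover escapes (double encoding) and ':' (drive
    # letters, NTFS alternate data streams).
    if any(ch in decoded for ch in ("\x00", "%", ":")):
        return None
    # Treat both separators alike, then make the path relative to the root.
    relative = decoded.replace("/", "\\").lstrip("\\")
    candidate = ntpath.normpath(ntpath.join(doc_root, relative))
    # Compare case-insensitively and require a separator after the root, so a
    # sibling directory such as www2 does not pass a bare prefix check.
    root = ntpath.normcase(ntpath.normpath(doc_root))
    cand = ntpath.normcase(candidate)
    if cand != root and not cand.startswith(root + "\\"):
        return None
    return candidate


# Constructed request paths, not taken from any advisory.
SAMPLES = [
    "/status.html",
    "/img/../status.html",
    "/../../windows/win.ini",
    "/..%5c..%5cwindows%5cwin.ini",
    "/%252e%252e/%252e%252e/windows/win.ini",
    "/../www2/status.html",
    "/D:/data.txt",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path!r:45} -> {resolve_request_path(path)}")
```

The containment check runs on the normalized path, after decoding and separator folding, so it is the final path that is compared with the root rather than the raw request string.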
Although the vulnerability would allow unauthorized attackers to enter a system and possibly gain administrative-level control over the computer, Secunia rates the issue as “less critical.”
HP already has issued a patch, which is available on the company’s Web site. In a statement, HP noted that it will be broadly distributing the security bulletin because it feels the issue warrants a widespread alert.
Net Work
Although the HP software flaw is specific to a limited number of printers, enterprises need to be cautious about printers in general, said Secunia chief technology officer Thomas Kristensen.
Often, I.T. locks down other parts of the network but fails to recognize printers as a viable risk, yet hackers are well aware that they can sneak into a system through such an unprotected avenue.
“Since printers are connected to the network, they can be vulnerable,” said Kristensen. “Attackers might use a printer connection to get to other parts of a system, and sometimes it’s very easy to get into a company that way.”
Secunia recommends that enterprises put added protection in place for printers, and limit or supervise user access.