Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

vulnerabilities of postscript printers
From: Bob Kryger <bobk () panix com>
Date: Thu, 22 Jan 2004 13:45:59 -0500
During one of our security reviews the following situation was uncovered. What are your thoughts?
Suppose a postscript printer has multiple interfaces connected to different networks, is there a way to leverage PostScript to create a vulnerability such as.
1. Allow an attacker log in to the printer and then gain access to the other network? 2. Create a postscipt program to send copies of printouts to one of the interfaces? 3. What if one of the interfaces is a JetDirect connected via a parallel port?
It has been suggested that PostScript is very powerful and can be used to accomplish a number of general purpose computing tasks including copying data from one port to another and examining memory. Since the parallel interface is bidirectional what is keeping data from being send from the printer to the network, breaching security.
My preliminary web searches do not reveal much in the way of postscript printer vulnerabilities. 

Thanks
Bob

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]