Category Archives: Full Disclosure

Full Disclosure

Hacking Printers Advisory 3/6: Brother printers vulnerable to memory access via PJL commands

Posted by Jens Müller on Jan 30

TL;DR: In the scope of academic research on printer security, various
vulnerabilities in network printers and MFPs have been discovered. This
is advisory 3 of 6 of the ‘Hacking Printers’ series. Each advisory
discusses multiple issues of the same category. This post is about
abusing Brother’s proprietary PJL extensions to dump the printer’s NVRAM
and gain access to interesting stuff like passwords. The attack can be
performed by anyone…

Re: Digital Ocean ssh key authentication security risk — password authentication is re-enabled

Posted by gp on Jan 30

Hello,

The last time I contacted them they did not care about this. It’s
basically a feature. They also used to (or still do) reset SSH host keys
and other things.

A suggested workaround if I remember correctly was to set a sticky bit
on the files you did not want their bootstrap script to modify. I have
no idea if this works or if it makes sense as I worked around the
problem another way.

Have you tried reaching support about it? I…

Re: Announcing NorthSec 2017 CFP + Reg – Montreal, May 16-21

Posted by Olivier Bilodeau on Jan 30

NorthSec’s training sessions are announced!

https://www.nsec.io/training-sessions/

Attacking the Web: With Great Power Comes Great Vulnerabilities
<https://www.nsec.io/2017/01/attacking-the-web-training_with-great-power-comes-great-vulnerabilities/>
By: Philippe Arteau of FindSecurityBugs and .Net Security Guard open source
projects

An advanced Web application security class covering topics such as Advanced
XSS (DOM, Angular,…

Hacking Printers Advisory 4/6: Multiple vendors buffer overflow in LPD daemon and PJL interpreter

Posted by Jens Müller on Jan 30

TL;DR: In the scope of academic research on printer security, various
vulnerabilities in network printers and MFPs have been discovered. This
is advisory 4 of 6 of the ‘Hacking Printers’ series. Each advisory
discusses multiple issues of the same category. This post is about
buffer overflows in the printer’s LPD daemon and PJL interpreter which
lead to denial of service or potentially even to code execution. The
attack can be…

Hacking Printers Advisory 5/6: HP printers restoring factory defaults through PML commands

Posted by Jens Müller on Jan 30

TL;DR: In the scope of academic research on printer security, various
vulnerabilities in network printers and MFPs have been discovered. This
is advisory 5 of 6 of the ‘Hacking Printers’ series. Each advisory
discusses multiple issues of the same category. This post is about
resetting a printer to factory defaults through ordinary print jobs,
therefore bypassing all protection mechanisms like user-set passwords.
The attack can be performed…

Hacking Printers Advisory 2/6: Various HP/OKI/Konica printers file/password disclosure via PostScript/PJL

Posted by Jens Müller on Jan 30

TL;DR: In the scope of academic research on printer security, various
vulnerabilities in network printers and MFPs have been discovered. This
is advisory 2 of 6 of the ‘Hacking Printers’ series. Each advisory
discusses multiple issues of the same category. This post is about
accessing a printer’s file system through ordinary PostScript or PJL
based print jobs — for decades a documented feature of both
languages. The attack can be…

Hacking Printers Advisory 1/6: PostScript printers vulnerable to print job capture

Posted by Jens Müller on Jan 30

TL;DR: In the scope of academic research on printer security, various
vulnerabilities in network printers and MFPs have been discovered. This
is advisory 1 of 6 of the ‘Hacking Printers’ series. Each advisory
discusses multiple issues of the same category. This post is about
manipulating and obtaining documents printed by other users, which can
be accomplished by infecting the printer with PostScript malware. This
vulnerability has…

Re: [0-day] RCE and admin credential disclosure in NETGEAR WNR2000

Posted by Pedro Ribeiro on Jan 30

An update on this post:

MITRE has provided me with CVE numbers.
CVE-2016-10175 for #1 (information disclosure)
CVE-2016-10176 for #2 (improper access control)
CVE-2016-10174 for #3 (stack buffer overflow)

In addition, NETGEAR has recognised the flaw and released beta firmware
that is supposed to fix this vulnerability. This claim was NOT verified.
The beta firmware can be downloaded from:…

Sophos Web Appliance – Block & Unblock IPs Remote Command Injection (CVE-2016-9553)

Posted by Russell Sanford on Jan 30

Critical Start security expert Russell Sanford discovered and reported two critical zero-day vulnerabilities in the
Sophos Web Appliance in December of 2016. The vulnerabilities, documented under CVE-2016-9553, allow the remote
compromise of the appliance’s underlying Linux subsystem. The vulnerabilities have now been patched in the January
2017 4.3.1 release of the appliance line.

Here is a summary of the two vulnerabilities documented…

Free ebook to learn ethical hacking techniques

Posted by Sparc Flow on Jan 30

Hello List,

As a way of giving back to the community, I want to share an ebook about pentesting and ethical hacking. You can have
it for free here:
https://www.amazon.com/dp/B01MTDLGQQ

It illustrates a (fictitious) full hacking scenario: from creating a malicious file in a phishing campaign, all the way
to exfiltrating data from a Mainframe (while knocking off some Windows domains along the way).
I obviously could not do it without the great…