Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Cross-site security flaw discovered in the old PostScript language

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

February 1, 2017

Researchers from a German university have discovered a new cross-site security flaw in the now very old PostScript language used by thousands of printers all over the globe.

If PostScript is the printer driver, the device is then highly vulnerable to what they call Cross-Site Printing attacks, documented in detail at Hacking Printers.

The security flaws range from attackers exfiltrating copies of what's sent to printers, to denial-of-service, code execution, forced resets and even bricking the targets.

The work from the University Alliance landed on Full Disclosure with five vendor-specific follow-ups, and as they note-- “This security vulnerability has presumably been present in every PostScript printer for more than thirty-two years as solely legitimate PostScript language constructs are abused.”

Linux, BSD and Mac OS users, please note that the bug is also exploitable via the popular Common Unix Printing System, CUPS.

Additionally, the PostScript 'showpage operator' is also at fault, since present in every PostScript document to print the current page, it can be redefined by an attacker to execute their own PostScript code.

More serious malice is also possible since an attacker can obtain copies of print jobs from outside the network as well.

Printer vendors known to have such exploitable functions include HP, Dell, and Lexmark, and there are specific advisories for others.

The researchers also note:

  • HP LaserJet 4200N and 4250N, the OKI MC342dn and the Konica Minolta Bizhub C454e can be exploited to expose passwords;
  • Various HP LaserJets can be reset to factory defaults;
  • Brother's proprietary PJL printer language is vulnerable to memory access;
  • It's also possible to cause physical damage to NVRAM in a number of printers as well, asserts University Alliance.

    This last one happens because a potential exploit can still force high numbers of rewrites to the printer's NVRAM, which eventually causes it to deteriorate.

    Finally, the researchers also demonstrate that PostScript printers and Brother's proprietary PJL can be buffer-overrun with an exploit, leading to denial of service or potentially even to code execution.

    Source: University Alliance.

    Sponsered ads:
    Read the latest IT news. Visit ItDirection.net. Updated several times daily.

    If you need reliability when it comes to SMTP servers, get the best, get Port 587.

    Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

    Share on Twitter.


    Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
    Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer