[20517] in bugtraq


Re: Tektronix (Xerox) PhaserLink 850 Webserver Vulnerability (NEW)

daemon@ATHENA.MIT.EDU (Ltlw0lf)
Mon Apr 30 20:51:42 2001

Message-ID:  <200104301412.f3UEC6904667@cx492171-a.cv1.sdca.home.com>
Date:         Mon, 30 Apr 2001 07:12:06 -0700
Reply-To: Ltlw0lf <ltlw0lf@NOSPAM.HOME.COM>
From: Ltlw0lf <ltlw0lf@NOSPAM.HOME.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

Thanks, Francis...  Looks like 750DP and 930 printers should be added to the
list of printers that exhibit this vuln.

Unfortunately, your fix doesn't always work with printers.  We've noticed on
most printers, a blank gateway means "find out the gateway yourself."  Most
printers will utilize RIP, or worse, will just choose a gateway (i.e.
10.0.0.1 for network 10.0.0.0) of their own.  We've seen Tektronix printers do
this as well as HP printers.  We've suggested setting the default gateway
as the IP address of the printer, and this usually limits the vulnerability,
but not always.  Best is to put it behind the corporate firewall or restrict
it in other ways.

Francis Favorini <francis.favorini@DUKE.EDU> wrote:

<snip>
> I suggest not setting a default gateway for the printer's IP
> configuration.
> This should limit the vulnerability to your own subnet.
