[37341] in bugtraq
Re: Unsecure Ftpd on HP PSC 2510 Printer
daemon@ATHENA.MIT.EDU (KF_lists)
Fri Nov 12 14:22:51 2004
Message-ID: <4194DAFA.5060002@secnetops.com>
Date: Fri, 12 Nov 2004 10:47:06 -0500
From: KF_lists <kf_lists@secnetops.com>
MIME-Version: 1.0
To: Lawrence MacIntyre <macintyrelp@ornl.gov>
Cc: Justin Rush <jrush@scout.wisc.edu>, bugtraq@securityfocus.com
In-Reply-To: <4194D5FD.90303@ornl.gov>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Excuse me... Hijetter.exe uses port 9100 to dump files off... however
you CAN retrieve them via port 21 AFTER dumping them off via port 9100.
-KF
Lawrence MacIntyre wrote:
> A write-only ftp server doesn't seem like a good place to do that since
> you can't get them back out...
>
> (nice try, though...)
>
> KF_lists wrote:
>
>> Nothing like someone using the memory on your printer to stash a few
>> files...
>>
>> http://www.phenoelit.de/hp/docu.html
>> -KF
>>
>> Lawrence MacIntyre wrote:
>>
>>> So why is this insecure? Why is this different from port 631 (ipp) or
>>> port 515 (lpd)? It's a printer. You give it a file, it prints it. The
>>> port or protocol it uses is immaterial...
>>>
>>> On Wed, 2004-11-10 at 15:26 -0600, Justin Rush wrote:
>>>
>>>> Product Name: HP PSC 2510
>>>> Summary: Ftp print service is not configurable
>>>>
>>>> This printer comes with an ftp daemon which allows anonymous
>>>> access, and drops the user into a write only directory. By default
>>>> anyone from anywhere can drop a file into this directory and the
>>>> printer will print the document. There is no documentation about
>>>> this feature, nor is there anyway to change (enable/disable) it
>>>> via any of their software or on the printer itself. HP Tech.
>>>> support says that if you don't want this feature then you should
>>>> hook up the printer as a local printer, however this printer
>>>> comes with both wireless and wired connectors on the back.
>>>>
>>>> Justin Rush
>>>> jrush@scout.wisc.edu
>>>
>>>
>
