[33195] in bugtraq
vulnerabilities of postscript printers
daemon@ATHENA.MIT.EDU (Bob Kryger)
Thu Jan 22 15:59:03 2004
Message-ID: <40101A67.2090804@panix.com>
Date: Thu, 22 Jan 2004 13:45:59 -0500
From: Bob Kryger <bobk@panix.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
During one of our security reviews the following situation was
uncovered. What are your thoughts?
Suppose a postscript printer has multiple interfaces connected to
different networks, is there a way to leverage PostScript to create a
vulnerability such as.
1. Allow an attacker log in to the printer and then gain access to the
other network?
2. Create a postscipt program to send copies of printouts to one of the
interfaces?
3. What if one of the interfaces is a JetDirect connected via a parallel
port?
It has been suggested that PostScript is very powerful and can be used
to accomplish a number of general purpose computing tasks including
copying data from one port to another and examining memory. Since the
parallel interface is bidirectional what is keeping data from being send
from the printer to the network, breaching security.
My preliminary web searches do not reveal much in the way of postscript
printer vulnerabilities.
Thanks
Bob
