From my experience, there were cases where printer or print server has
hanged with a complex
document, and there fore need to be restarted. Perhaps, theoretically
you can exploit this not only for DOS. However I do not have
information about public exploits.
2008/5/13, Paul Johnston <paj (at) pajhome.org (dot) uk [email concealed]>:
> Hi,
>
> I've been told a few times PCL and PostScript are fully functional
> stack-based languages. Had anyone successfully compromised a printer, by
> submitting a job that contains malicious PCl or PostScript? I'd be
> particularly interested to know if this is an inherent weakness with the
> languages, or a specific vulnerability that has existed in some versions of
> printer firmware, but been patched since.
>
> Regards,
>
> Paul
>
>
--
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
Confidentiality Warning: This message, including any attachment, is sent only for the use of the intended recipient; it is confidential and may constitute privileged information. If you are not the intended recipient, you are hereby notified that any printing, copying, distribution or other use of this message is strictly prohibited. If you have received this email in error, please notify the sender immediately by return email, and delete it. Thank you!
Yes, more then 15 years ago, somebody distribute a postscript file that disable all printer, locking them up with a permanent password
No reboot would work..
Apple had to release a postcript file that unlock the printer...
Daniel Bourque
Loto-Québec
via Blackberry
----- Message d'origine -----
De : securityfocus2 (at) googlegroups (dot) com [email concealed] <securityfocus2 (at) googlegroups (dot) com [email concealed]>
Ã? : Paul Johnston <paj (at) pajhome.org (dot) uk [email concealed]>
Cc : security-basics (at) securityfocus (dot) com [email concealed] <security-basics (at) securityfocus (dot) com [email concealed]>
Envoyé : Wed May 14 09:55:07 2008
Objet : Ð?Ñ?веÑ?: Security of PCL and PostScript
Hi.
From my experience, there were cases where printer or print server has
hanged with a complex
document, and there fore need to be restarted. Perhaps, theoretically
you can exploit this not only for DOS. However I do not have
information about public exploits.
2008/5/13, Paul Johnston <paj (at) pajhome.org (dot) uk [email concealed]>:
> Hi,
>
> I've been told a few times PCL and PostScript are fully functional
> stack-based languages. Had anyone successfully compromised a printer, by
> submitting a job that contains malicious PCl or PostScript? I'd be
> particularly interested to know if this is an inherent weakness with the
> languages, or a specific vulnerability that has existed in some versions of
> printer firmware, but been patched since.
>
> Regards,
>
> Paul
>
>
--
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
Mise en garde concernant la confidentialité : Le présent message, comprenant tout fichier qui y est joint, est envoyé à lâ??intention exclusive de son destinataire; il est de nature confidentielle et peut constituer une information protégée par le secret professionnel. Si vous nâ??êtes pas le destinataire, nous vous avisons que toute impression, copie, distribution ou autre utilisation de ce message est strictement interdit. Si vous avez reçu ce courriel par erreur, veuillez en aviser immédiatement lâ??expéditeur par retour de courriel et le supprimer. Merci!
Confidentiality Warning: This message, including any attachment, is sent only for the use of the intended recipient; it is confidential and may constitute privileged information. If you are not the intended recipient, you are hereby notified that any printing, copying, distribution or other use of this message is strictly prohibited. If you have received this email in error, please notify the sender immediately by return email, and delete it. Thank you!
[ reply ]