SecurityFocus

vulnerabilities of postscript printers Jan 22 2004 06:45PM
Bob Kryger (bobk panix com) (2 replies)

During one of our security reviews the following situation was
uncovered. What are your thoughts?

Suppose a postscript printer has multiple interfaces connected to
different networks, is there a way to leverage PostScript to create a
vulnerability such as.

1. Allow an attacker log in to the printer and then gain access to the
other network?
2. Create a postscipt program to send copies of printouts to one of the
interfaces?
3. What if one of the interfaces is a JetDirect connected via a parallel
port?

It has been suggested that PostScript is very powerful and can be used
to accomplish a number of general purpose computing tasks including
copying data from one port to another and examining memory. Since the
parallel interface is bidirectional what is keeping data from being send
from the printer to the network, breaching security.

My preliminary web searches do not reveal much in the way of postscript
printer vulnerabilities.

Thanks
Bob

[ reply ]

Re: vulnerabilities of postscript printers Jan 23 2004 05:01AM
Darren Reed (avalon caligula anu edu au) (6 replies)

Re: vulnerabilities of postscript printers Jan 24 2004 02:56AM
Glynn Clements (glynn clements virgin net) (1 replies)

Re: vulnerabilities of postscript printers Jan 28 2004 04:43PM
Georg Lutz (glist gmx net)

Re: vulnerabilities of postscript printers Jan 24 2004 12:47AM
Michael Zimmermann (zim vegaa de)

Re: vulnerabilities of postscript printers Jan 23 2004 10:41PM
Nate Eldredge (nge cs hmc edu)

Re: vulnerabilities of postscript printers Jan 23 2004 07:21PM
Elizabeth Zwicky (zwicky greatcircle com) (1 replies)

Re: vulnerabilities of postscript printers Jan 23 2004 08:01PM
Darren Reed (avalon caligula anu edu au) (1 replies)

Re: vulnerabilities of postscript printers Jan 24 2004 07:21PM
Stephen Samuel (samuel bcgreen com)

Re: vulnerabilities of postscript printers Jan 23 2004 06:45PM
Jim Knoble (jmknoble pobox com)

Re: vulnerabilities of postscript printers Jan 23 2004 06:40PM
der Mouse (mouse Rodents Montreal QC CA)

Re: vulnerabilities of postscript printers Jan 23 2004 04:15AM
der Mouse (mouse Rodents Montreal QC CA) (2 replies)

Re: vulnerabilities of postscript printers Jan 27 2004 10:12PM
Ian Farquhar - Network Security Group (Ian Farquhar Sun COM)

Re: vulnerabilities of postscript printers Jan 24 2004 12:41AM
Michael Zimmermann (zim vegaa de) (1 replies)

Re: vulnerabilities of postscript printers Jan 24 2004 04:38AM
der Mouse (mouse Rodents Montreal QC CA) (1 replies)

Re: vulnerabilities of postscript printers Jan 24 2004 09:39AM
Michael Zimmermann (zim vegaa de) (1 replies)

Re: vulnerabilities of postscript printers Jan 24 2004 05:26PM
der Mouse (mouse Rodents Montreal QC CA)