[NEWS] Insecure FTP Access in HP PSC 2510 Printers

From: SecuriTeam (support_at_securiteam.com)
Date: 11/17/04

    To: list@securiteam.com
    Date: 17 Nov 2004 16:43:09 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      Insecure FTP Access in HP PSC 2510 Printers
    ------------------------------------------------------------------------

    SUMMARY

    "The <http://h50025.www5.hp.com/hpcom/au_en/10_38_77_1765_Q3094A.html> HP
    PSC 2510 Photosmart all-in-one printer/flatbed fax/scanner/copier device
    is the ultimate solution for home and home-office needs. With wireless and
    Ethernet capabilities, this all-in-one device provides the pinnacle in
    built-in wireless and wired technology for home networks, while providing
    exceptional digital image printing, all with simple, easy-to-use
    functionality".

    Insecure FTP server in the HP PSC 2510 printer allows unauthenticated
    users to store arbitrary data on the printer.

    DETAILS

    The HP PSC 2510 comes with an FTP print service that is not configurable.
    The FTP server allows anonymous access, and the anonymous user's home
    directory is mapped to a write-only directory. Once a file is dropped in
    that directory, the printer prints it.

    This allows unauthenticated users to store arbitrary data on the printer
    and retrieve it later with software like
    <http://www.phenoelit.de/hp/docu.html> Hijetter.

    This feature is undocumented, and there is no way to enable or disable it
    via any of the supplied software or on the printer itself.

    Vendor Status:
    "HP Technical support commented that if you don't want this feature then
    you should hook up the printer as a local printer".

    NOTE: This printer comes with both wireless and wired connectors on its
    back.
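
Added example (not part of the original advisory): since the FTP print service cannot be switched off on the device, a defender can at least watch which hosts reach TCP port 21 on the printer. The Python below scans flow records for such connections; the log layout, the addresses and the function name find_printer_ftp_access are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed record layout (constructed for this example, not a real product's format):
#   <timestamp> src=<ip> dst=<ip> dport=<port> proto=<tcp|udp> action=<allow|deny>
RECORD = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+) action=(?P<action>\w+)$"
)
FTP_CONTROL_PORT = 21

# Constructed sample records; 192.0.2.50 stands in for the printer.
SAMPLE_LOG = """\
2004-11-17T09:00:01 src=192.0.2.10 dst=192.0.2.50 dport=21 proto=tcp action=allow
2004-11-17T09:00:07 src=192.0.2.77 dst=192.0.2.50 dport=21 proto=tcp action=allow
2004-11-17T09:01:12 src=192.0.2.77 dst=192.0.2.50 dport=9100 proto=tcp action=allow
2004-11-17T09:02:30 src=198.51.100.4 dst=192.0.2.50 dport=21 proto=tcp action=deny
truncated record src=192.0.2.77
2004-11-17T09:03:00 src=192.0.2.77 dst=192.0.2.60 dport=21 proto=tcp action=allow
"""


def find_printer_ftp_access(lines, printers, allowed_sources):
    """Return (findings, skipped). A finding is a TCP/21 flow to a listed printer
    from a source outside allowed_sources; skipped counts unparseable lines."""
    printer_ips = {ipaddress.ip_address(p) for p in printers}
    allowed = [ipaddress.ip_network(n) for n in allowed_sources]
    findings, skipped = [], 0
    for line in lines:
        m = RECORD.match(line.strip())
        if m is None:
            skipped += 1
            continue
        try:
            src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        except ValueError:  # field present but not a valid IP address
            skipped += 1
            continue
        if dst not in printer_ips or m["proto"] != "tcp":
            continue
        if int(m["dport"]) != FTP_CONTROL_PORT or any(src in n for n in allowed):
            continue
        findings.append({"time": m["ts"], "src": str(src), "dst": str(dst),
                         "reached_printer": m["action"] == "allow"})
    return findings, skipped


if __name__ == "__main__":
    hits, bad = find_printer_ftp_access(SAMPLE_LOG.splitlines(), ["192.0.2.50"], ["192.0.2.10/32"])
    print(hits, bad)
```
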

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:jrush@scout.wisc.edu> Justin
    Rush.


    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

