Re: vulnerabilities of postscript printers

From: Bob Beck (beck_at_bofh.cns.ualberta.ca)
Date: 01/24/04

  • Next message: Theo de Raadt: "Re: vulnerabilities of postscript printers"
    To: bugtraq@securityfocus.com
    Date: Sat, 24 Jan 2004 12:58:50 -0700
    
    

    >>> My god, people attach printers to networks! Postscript is Turing Complete!
    >> Blah blah - you can't open files...
    > Sure you can, RTFM...

       Who cares? if it's a network attached printer there's some sort of
    IP stack in there speaking lpr, and some semblance of an operating
    system. It's a computer. It has network interfaces, the software is
    certainly full of bugs and sucks, like most other software. It's
    probably exploitable. Why would you treat this device any differently
    than any other network attachable device on your secured network?

        Either you allow devices to have connections to both secured and
    unsecured networks or you don't. If you think a printer, refrigerator,
    jet-direct device, set-top-box, 802.11? stuff, coffee machine, coke
    machine, Cell phone, PDA, etc. etc. could never be exploited to talk to
    whatever it's talking to, please call me, I have a great opportunity
    with a moose milking ranch to get you in on early.

      -Bob


  • Next message: Theo de Raadt: "Re: vulnerabilities of postscript printers"