SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Device (Printer)  >  imageRUNNER Printers Vendors:  Canon
Canon imageRUNNER 210s Can Be Crashed By Scanning Port 80
SecurityTracker Alert ID:  1010297
SecurityTracker URL:  http://securitytracker.com/id?1010297
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 26 2004
Impact:  Denial of service via network
Exploit Included:  Yes  
Version(s): Model 210s
Description:  Scott Reed of Penn State University reported a denial service vulnerability in the Canon imageRUNNER 210s. A remote user can cause the printer to stop responding to network communications.

It is reported that a remote user can conduct multiple port scans against the web interface (port 80) to cause the network services to hang. A power cycle is required to return the system to normal operations.

The vendor has reportedly been notified.
Impact:  A remote user can cause the network services to become unavailable.
Solution:  No solution was available at the time of this entry.

The author of the report indicates that as a workaround, you can disable the web interface via the printer configuration/setup console.
Vendor URL:  www.canon.com/ (Links to External Site)
Cause:  Exception handling error
Reported By:  Scott Reed <skr8@psu.edu>
Message History:   None.

 Source Message Contents
Date:  Wed, 26 May 2004 10:05:03 -0400
From:  Scott Reed <skr8@psu.edu>
Subject:  Port 80 DOS vulnerability with the Canon ImageRunner 210s

 

The Canon ImageRunner 210s, running the most recent software, is susceptible to a
denial of service (DOS) attack to via the web interface (port 80).  Repeated port 80
scans against the ImageRunner 210s causes the ImageRunner to stop responding to all
network communications (i.e. network printing fails).  Network printing services can
be restored to the ImageRunner 210s by power cycling the unit.  Once power cycled, the
ImageRunner 210s will remain active until the next cycle of port 80 scans.  This
vulnerability can be prevented by disabling the web interface via the printer
configuration/setup console.

Canon representatives have thus far declined to resolve the problem with a software
patch or update.

Scott Reed
Systems Engineer
Penn State University
Telecommunications & Network Services
mailto:scottreed@psu.edu


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC