Apple LaserWriter 12/640 PS Printer Default Configuration Allows Remote Users to Access the Telnet Management Port
|
|
SecurityTracker Alert ID: 1005488 |
|
SecurityTracker URL: http://securitytracker.com/id/1005488
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Oct 26 2002
|
Impact:
User access via network
|
Exploit Included: Yes
|
|
Description:
A default configuration vulnerability was reported in the Apple LaserWriter 12/640 PS printer. A remote user can access the printer's management port.
UkR Security Team reported that the default configuration of the printer does not protect the telnet management port with a password. A remote user can access the device to monitor printer activity or cause denial of service conditions.
|
Impact:
In the default configuration, a remote user can access the telnet management port.
|
Solution:
Users can manually set a password after the setup process has been completed.
|
Vendor URL: www.apple.com/ (Links to External Site)
|
Cause:
Configuration error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Sat, 26 Oct 2002 08:52:32 +0400
Subject: TCP/IP Printer Configuration Utility for Apple.LaserWriter
|
Release Date: October 26, 2002
Product : TCP/IP Printer Configuration Utility for
Apple.LaserWriter 12/640 PS
Vendor : Apple Computer, Inc. (http://www.apple.com)
Remote : Yes
Author : UkR-XblP (cuctema@ok.ru)/ UkR security team
/
About :
TCP/IP Printer Configuration Utility is the installation
and management software for
Apple.LaserWriter 12/640 PS printer.
Overview:
Device do not set a password for telnet access. As a
result, the telnet port will be
left exposed to unrestricted remote access. Remote users
with malicious intent will
be able to access the device to cause a denial of service,
or potentially monitor
printer activity to gather information that may be used to
compromise systems.
Solution:
Set the telnet password manually after setup printer.
---
Professional hosting for everyone - http://www.host.ru
|
|
