imageRUNNER Printers Enable FTP Bounce Attacks

SecurityTracker Alert ID: 1019528
SecurityTracker URL: http://securitytracker.com/id/1019528
CVE Reference: CVE-2008-0303
Date: Feb 29 2008
Impact: Host/resource access via network
Vendor Confirmed: Yes
Exploit Included: Yes
Version(s): Various models

Description:
A vulnerability was reported in the FTP Print function of various Canon imageRUNNER printers. A remote user can use an FTP bounce attack to connect to arbitrary ports on arbitrary systems via the target device.
Certain Canon imageRUNNER, Color imageRUNNER, and imagePRESS devices are vulnerable.
Engines using imagePASS, imagePRESS Servers, and ColorPASS devices are not affected.
Nate Johnson and Indiana University reported this vulnerability.

Impact:
A remote user can conduct FTP bounce attacks.

Solution:
The vendor recommends disabling the FTP Print function or applying a username and password to the function.
The vendor's advisory is available at:
http://www.usa.canon.com/html/security/pdf/CVA-001.pdf
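
A log-review check for the behaviour described above, added here as an example and not taken from the advisory or from Canon. In an FTP bounce the client's PORT (RFC 959) or EPRT (RFC 2428) command names a data-connection target other than itself, so the check flags commands whose address differs from the control-connection peer or whose port is below 1024. The function names and the sample records are assumptions constructed for illustration.

```python
import ipaddress

def parse_data_target(command):
    """Return (ip, port) named by an FTP PORT or EPRT command, else None."""
    verb, _, arg = command.strip().partition(" ")
    verb = verb.upper()
    try:
        if verb == "PORT":                      # RFC 959: h1,h2,h3,h4,p1,p2
            nums = [int(n) for n in arg.split(",")]
            if len(nums) != 6 or not all(0 <= n <= 255 for n in nums):
                return None
            ip = ipaddress.ip_address(".".join(map(str, nums[:4])))
            return ip, nums[4] * 256 + nums[5]
        if verb == "EPRT":                      # RFC 2428: |proto|addr|port|
            _, _proto, addr, port, _ = arg.split(arg[0])
            return ipaddress.ip_address(addr), int(port)
    except (ValueError, IndexError):            # malformed argument
        return None
    return None

def review(peer_ip, command):
    """Return the reasons a command looks like a bounce attempt (empty if none)."""
    target = parse_data_target(command)
    if target is None:
        return []
    ip, port = target
    reasons = []
    if ip != ipaddress.ip_address(peer_ip):     # data target is not the client itself
        reasons.append("third-party address")
    if port < 1024:                             # well-known service port
        reasons.append("privileged port")
    return reasons

def flagged(records):
    """Filter (peer_ip, command) records down to the suspicious ones."""
    return [(peer, cmd, r) for peer, cmd in records if (r := review(peer, cmd))]

# Constructed sample records using documentation address ranges, not real traffic.
SAMPLE = [
    ("192.0.2.10", "PORT 192,0,2,10,195,80"),       # client names itself, port 50000
    ("192.0.2.10", "PORT 198,51,100,7,0,25"),       # other host, port 25
    ("192.0.2.10", "EPRT |1|198.51.100.7|6000|"),   # other host, high port
]

if __name__ == "__main__":
    for peer, cmd, reasons in flagged(SAMPLE):
        print(f"{peer} sent {cmd!r}: {', '.join(reasons)}")
```
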

Vendor URL: www.usa.canon.com/html/security/pdf/CVA-001.pdf

Cause:
Access control error, State error

Underlying OS:

Message History:
None.

Source Message Contents

Date: Fri, 29 Feb 2008 01:56:37 -0500
Subject: Canon imageRUNNER printers
http://www.usa.canon.com/html/security/pdf/CVA-001.pdf
http://www.kb.cert.org/vuls/id/568073
CVE-2008-0303