Date: 17 Nov 2004 16:43:09 +0200
From: SecuriTeam <[email protected]>
To: [email protected]Subject: [NEWS] Insecure FTP Access in HP PSC 2510 Printers
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Insecure FTP Access in HP PSC 2510 Printers
------------------------------------------------------------------------
SUMMARY
"The <http://h50025.www5.hp.com/hpcom/au_en/10_38_77_1765_Q3094A.html>; HP
PSC 2510 Photosmart all-in-one printer/flatbed fax/scanner/copier device
is the ultimate solution for home and home-office needs. With wireless and
Ethernet capabilities, this all-in-one device provides the pinnacle in
built-in wireless and wired technology for home networks, while providing
exceptional digital image printing, all with simple, easy-to-use
functionality".
Insecure FTP server in the HP PSC 2510 printer allows unauthenticated
users to store arbitrary data on the printer.
DETAILS
The HP PSC 2510 comes with an FTP print service that is not configurable.
The same FTP server allows anonymous access, whose home directory is
mapped to a write only directory. Once a file is dropped in the folder the
printer will print it.
This allows unauthenticated users to store arbitrary data on the printer
and retrieve it later with software like
<http://www.phenoelit.de/hp/docu.html>; Hijetter.
This feature is undocumented, nor is there anyway to enable/disable it via
any of the supplied software or on the printer itself.
Vendor Status:
"HP Technical support commented that if you don't want this feature then
you should hook up the printer as a local printer".
NOTE: This printer comes with both wireless and wired connectors on its
back.
ADDITIONAL INFORMATION
The information has been provided by <mailto:[email protected]> Justin
Rush.
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: [email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
