SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Printer)  >   imageRUNNER Printers Vendors:   Canon
imageRUNNER Printers Enable FTP Bounce Attacks
SecurityTracker Alert ID:  1019528
SecurityTracker URL:  http://securitytracker.com/id/1019528
CVE Reference:   CVE-2008-0303   (Links to External Site)
Date:  Feb 29 2008
Impact:   Host/resource access via network
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): Various models
Description:   A vulnerability was reported in various Canon imageRUNNER printers in the FTP Print function. A remote user can conduct FTP bounce attacks via the printers.

A remote user can connect to arbitrary ports on arbitrary systems via the target device using an FTP bounce attack.

Certain Canon imageRUNNER, Color imageRUNNER, and imagePRESS devices are vulnerable.

Engines using imagePASS, imagePRESS Servers, and ColorPASS devices are not affected.

Nate Johnson and the Indiana University reported this vulnerability.

Impact:   A remote user can conduct FTP bounce attacks.
Solution:   The vendor recommends disabling the FTP Print function or applying a username and password to the function.

The vendor's advisory is available at:

http://www.usa.canon.com/html/security/pdf/CVA-001.pdf

Vendor URL:  www.usa.canon.com/html/security/pdf/CVA-001.pdf (Links to External Site)
Cause:   Access control error, State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC