bit-tech.net

HP document disclosure vulnerability

Several HP printers - all business-oriented models with in-built networking - are vulnerable to an information disclosure attack.

You might be sure that your PC is locked down against attacking crackers, but how often do you update your printer's firmware? If you're a user of HP devices, the answer may well be “not often enough.”

According to an article by The Register's John Leyden yesterday, HP is warning customers that certain models of laser printers are vulnerable to a remote exploit which can allow access to the internal settings – including the ability to view and download copies of previously printed files. While the vulnerability isn't likely to result in an opening for further attacks against an internal network, the privacy implications push the severity up a notch.

The affected models – all network capable – are the HP LaserJet 2410, 2420, 2430, 4250, 4350, 9040, and 9050; the HP Color [sic] LaserJet 4730MFP, and 9500MFP; and the HP 9200C Digital Sender. If you – or, more realistically, your company – use any of these models it would be a good idea to snag an updated firmware which addresses the issue.

The vulnerability, assigned the ID CVE-2008-4419 in the Common Vulnerabilities and Exposures project, is thought to be mitigated by standard border protections, but still represents a potentially troublesome security hole – made worse by the fact that most security audits gloss over embedded systems such as printers.

HP has declined to comment on the issue, apart from warning customers that the patch information available as part of its security bulletin should “be acted upon as soon as possible” by customers with affected devices.

Rushing to patch your personal printer before the crackers get their hands on your printouts, or are you hoping to get a sneak peek at what the CEO's been printing out of office hours? Share your thoughts over in the forums.

15 Comments

Bauul 10th February 2009, 14:48 Quote
Again with the intellitext, what's going on Bit?
Tyrmot 10th February 2009, 15:11 Quote
? what intellitext?

edit: oh you need to use IE.... perhaps b-t's new corporate overlords have something to do with this? :P
Shuriken 10th February 2009, 15:15 Quote
I get the text ads with chrome. I wouldn't mind so much if the ads were actually relevant, but no matter what the text is all you seem to get is blackberry ads :?
Paradigm Shifter 10th February 2009, 15:18 Quote
No, no, it's there in Firefox too... if you're good and disable AdBlock Plus for Bit-Tech. Which I do, as I like to support the places I find useful or fun.

http://www.wsgfmedia.com/paradigm/images/screenshots/intellitxt-fail.jpg

Forgive the JPEG artefacts.

More Blackberry ads. Neat. Apparently Blackberries are useful for "operating systems" and "internal networks"...

...

Anyway, the issue is a nasty one, good that HP fixed it. :)
LeMaltor 10th February 2009, 15:24 Quote
There are boxes covering half the writing, what the hell is going on?
flibblesan 10th February 2009, 15:31 Quote
Quote:
Originally Posted by Bauul
Again with the intellitext, what's going on Bit?

Dennis have to make money out of Bit Tech somehow..
Smilodon 10th February 2009, 15:52 Quote
This is why people should run "Follow me" solutions if they print important/secret stuff.



Quote:
Originally Posted by Paradigm Shifter
No, no, it's there in Firefox too... if you're good and disable AdBlock Plus for Bit-Tech. Which I do, as I like to support the places I find useful or fun.

http://www.wsgfmedia.com/paradigm/images/screenshots/intellitxt-fail.jpg

Forgive the JPEG artefacts.

More Blackberry ads. Neat. Apparently Blackberries are useful for "operating systems" and "internal networks"...

...

Anyway, the issue is a nasty one, good that HP fixed it. :)

I run firefox, and haven't even installed Adblock yet. I still don't get them.
DougEdey 10th February 2009, 15:55 Quote
I think it's because we're on non UK ISPs. Great for me since I'll just VPN to work when reading Bit Articles :)
tank_rider 10th February 2009, 16:31 Quote
Glad all Xerox machines I've worked on developing in the last 3 years have image overwrite, so as soon as the job is printed it gets overwritten on the hard disc.
1ad7 10th February 2009, 16:34 Quote
I have no script for firefox and I have nothing but I do see all the ads :) love you bit tech
Phil Rhodes 10th February 2009, 17:37 Quote
I believe we have a Stage Three transition on our hands, here, folks.

Stage 1 - someone buys some webspace and mounts a forum on it. His friends join.
Stage 2 - site becomes successful enough to employ people
Stage 3 - site is purchased by a large media conglomerate, and users find sport in writing utilities to compare linguistic distribution of site's articles to that of current Sony, Nintendo and Microsoft press releases.

Not to worry, though - it's a rolling process, and by the time bit-tech has finished becoming a waste of space, there'll be someone else around doing the job they used to do so well, and who aren't afraid to have a link to the LED resistor calculator on the front page.

P
devdevil85 10th February 2009, 18:16 Quote
Quote:
Originally Posted by Bauul
Again with the intellitext, what's going on Bit?
Now I see the auto-text. Yeah, it's very unprofessional. Reminds me now of Tom's HW....yuck
p3n 10th February 2009, 19:11 Quote
intelli-wave goodbye!
Phil Rhodes 10th February 2009, 19:46 Quote
Better yet, if you hover over the under-underline, or more to the point if you happen to abandon the mouse cursor in that position, the ads flash at you madly, appearing and disappearing repeatedly. Top quality!
raGe82 10th February 2009, 19:48 Quote
Quote:
Originally Posted by Paradigm Shifter
More Blackberry ads. Neat. Apparently Blackberries are useful for "operating systems" and "internal networks"...
Or maybe Blackberries have something to do with vulnerabilities ;-) j/k

As tank_rider wrote - a good printer should have some tool to clean up the disks after printing