Network Security: Detailed info on Promiscuous email printing in Canon imageRunner

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

Promiscuous email printing in Canon imageRunner

from [Andrew Daviel] Network Security

[Permanent Link]

Subject:	Promiscuous email printing in Canon imageRunner
Date:	Thu, 23 Sep 2004 15:43:42 -0700 (PDT)


The Canon iR5000i digital printer (and probably other imageRunner models)
has a somewhat undocumented print-from-email feature.

Any text/plain email sent to port 25 on the device will be printed.
The MAIL FROM and RCPT TO values are not authenticated or even checked
for syntax.

There appears to be no way to disable email printing via the Web interface
or front panel, as there is for lpd, ipp and http printing.

Recently these printers have been targetted by spammers as an apparent
open relay (if they don't bother to test for forwarding). There is thus an
effective DoS attack by paper consumption.

This service is blocked by the provided ip address range filtering option.

-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
security@triumf.ca

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Promiscuous email printing in Canon imageRunner, Andrew Daviel <= Re: Promiscuous email printing in Canon imageRunner, Chip Mefford RE: Promiscuous email printing in Canon imageRunner, Matthew E. Lauterbach RE: Promiscuous email printing in Canon imageRunner, Eric McCarty Re: Promiscuous email printing in Canon imageRunner, Felix Lindner

Previous by Date:	NEW GDI+ JPEG Remote Exploit, John Bissell
Next by Date:	Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Heikki Korpela
Previous by Thread:	NEW GDI+ JPEG Remote Exploit, John Bissell
Next by Thread:	Re: Promiscuous email printing in Canon imageRunner, Chip Mefford
Indexes:	[Date] [Thread] [Top] [All Lists]