Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Promiscuous email printing in Canon imageRunner

from [Eric McCarty] Network Security [Permanent Link]
Subject: RE: Promiscuous email printing in Canon imageRunner
Date: Wed, 29 Sep 2004 10:10:10 -0700 
You think that's bad?, HP Laserjet 4000's, 4100's, 4200's and others
accept any print job you FTP to them, and its anonymous ftp so anyone
can ftp in and send over a print job using the PUT command. This is
nothing new and has been long reported however. 

The trick would be finding a way to upload files to the onboard printer
memory and keep them there, 64mb of space to hide a tarball or zip of
utils would defintely be nice on campus networks. 

Eric

-----Original Message-----
From: Matthew E. Lauterbach [mailto:mlauterbach@mail.wtamu.edu] 
Sent: Monday, September 27, 2004 2:02 AM
To: bugtraq@securityfocus.com
Subject: RE: Promiscuous email printing in Canon imageRunner

On Thursday, September 23, 2004 5:44 PM Andrew Daviel wrote:

The Canon iR5000i digital printer (and probably other imageRunner 
models) has a somewhat undocumented print-from-email feature.

Any text/plain email sent to port 25 on the device will be printed.
The MAIL FROM and RCPT TO values are not authenticated or even checked



for syntax.

 
The Canon iR85 does not seem to have this "feature".  Doing "telnet
10.0.0.1 25" to either of my iR85 printers returns "Could not open
connection to the host, on port 25: Connect failed".

Matt Lauterbach
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Colm MacCarthaigh
Next by Date:  Re: Default username/password pairs in ON Command CCM 5.x database backend, Sep 20 2004 2:24PM, Sym Security
Previous by Thread:  RE: Promiscuous email printing in Canon imageRunner, Matthew E. Lauterbach
Next by Thread:  Re: Promiscuous email printing in Canon imageRunner, Felix Lindner
Indexes:  [Date] [Thread] [Top] [All Lists]