lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <47C81DA5.8070606@iu.edu>
Date: Fri, 29 Feb 2008 09:58:45 -0500
From: Nate Johnson <natejohn@...edu>
To: full-disclosure@...ts.grok.org.uk
Subject: Canon Multi Function Devices vulnerable to FTP
	bounce attack

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Indiana University Security Advisory:
Canon Multi Function Devices vulnerable to FTP bounce attack.

Advisory ID:
20080229 Canon MFD FTP bounce attack

Advisory revisions:
* 02-29-2008 0500 UTC 1.0 Initial Public Release

Credit/acknowledgement:
CVE-2008-0303
* Date of discovery: 09-27-2007
* Nate Johnson, Lead Security Engineer, Indiana University

Summary:
Certain Canon Multi Function Devices (see Products affected below) allow
remote attackers to redirect traffic to other sites (aka FTP bounce) via
the PORT command, a variant of CVE-1999-0017.

Mitigation/workarounds:
* Disable FTP printing:
~  o Navigate to Additional Functions -> System Settings -> Network
Settings -> TCP/IP Settings -> FTP print.
~  o Set FTP print to OFF.

* Protect FTP printing with username/password credentials:
~  o Navigate to Additional Functions -> System Settings -> Network
Settings -> TCP/IP Settings -> FTP print.
~  o Set "user name" and "password" for the FTP print functionality.

Firmware updates that fix the vulnerability are available, but are not
user installable. They require a service technician call. If one of the
above two workarounds are not sufficient, please contact your local Canon
Authorized Service Dealer.

Additionally, best practices suggest that access controls and network
firewall policies be put into place to only allow connections from trusted
machines and networks.

Criticality:
This vulnerability has a risk of not critical.

Products affected:
* imageRUNNER 2230/2830/3530
* imageRUNNER 3025/3030/3035/3045
* imageRUNNER 2270/2870/3570/4570
* imageRUNNER 5070/5570/6570
* imageRUNNER 5050/5055/5065/5075
* imageRUNNER 8070/85+/9070/105+
* imageRUNNER 7086/7095/7105
* Color imageRUNNER C3220/2620
* Color imageRUNNER C2880/3380
* Color imageRUNNER C2550
* Color imageRUNNER C4080/4580/5180/5185
* Color imageRUNNER LBP5960
* Color imageRUNNER LBP5360
* imageRUNNER C3170
* imageRUNNER C5800/6800
* imageRUNNER C5870U/6870U
* imageRUNNER C5058/5068
* imageRUNNER LBP3460
* imagePRESS C7000VP
* imagePRESS C1

References:
* https://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack
* http://www.usa.canon.com/html/security/pdf/CVA-001.pdf
*
http://www.canon-europe.com/For_work/Canon_Europe_CBS_Web_Advisory_Digital_Multifunction_Printers.asp
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0303
* http://www.kb.cert.org/vuls/id/568073
* http://www.securityfocus.com/bid/28042
* http://www.cert.org/tech_tips/ftp_port_attacks.html#3

- --
* Nate Johnson, Lead Security Engineer, GCIH, GCFA
* University Information Security Office, Indiana University
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (GNU/Linux)

iEYEARECAAYFAkfIHaUACgkQGQUVGJudcw5iggCgmUYzUJWIrEPVpX6zT9sJBP0W
8gQAni3LJJPbsWOCv5SEyA7OKU5tsVHC
=Vu5P
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ