Sat, 07 Feb 2009
HP urges LaserJet users to patch printers
Certain LaserJet, Color LaserJet and Digital Sender models are affected
Hewlett-Packard has warned owners of some of its laser printers to update their devices' firmware or risk having remote attackers access previously-printed documents.
In an advisory HP said that users of certain LaserJet, Color LaserJet and Digital Sender models are affected, and urged them to immediately download and install firmware upgrades.
The devices include 10 different LaserJet models - ranging from the 2410 to the 9050 - two Color LaserJet models and the 9200C Digital Sender, a sheet-fed document scanner.
According to San Antonio, Texas-based Digital Defense, the security company that reported the problem to HP last October, attackers can exploit a bug in the printers' Web-based control interface to "read arbitrary system configuration files, cached documents, etc."
Exploiting the vulnerability, the Digital Defense researchers said, is "trivial" with common Web server "directory traversal" tactics. A directory traversal attack is an HTTP-based exploit that lets attackers access restricted directories and execute commands outside of the server's root directory.
Adrien de Beaupre, an analyst with the SANS Institute's Internet Storm Center (ISC), added his voice to the call for patching printers. "The impact might not seem severe, as in the attacker can view the printer configuration; however, viewing cached versions of printed documents can be," said de Beaupre in an alert on the ISC site on Friday.
Other than patching, the only other defensive measure available is to disable access to the printers' online control interface, de Beaupre added.
HP listed the affected printers in a security bulletin, which also included instructions on how to download the firmware update.
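The path check that a Web control interface needs in order to resist directory traversal, shown as an added example that is not from HP, Digital Defense or the original article. The document root, the function names and the sample request lines are constructed assumptions; the flawed resolver is shown beside a hardened one.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/www"  # assumed document root of a device's embedded web server

def naive_resolve(url_path):
    """Flawed pattern: decode and join, never checking the result stays in WEB_ROOT."""
    return posixpath.normpath(WEB_ROOT + "/" + unquote(url_path))

def fully_decode(path, rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .); None if 3+ layers deep."""
    for _ in range(rounds):
        nxt = unquote(path)
        if nxt == path:
            return path
        path = nxt
    return None

def safe_resolve(url_path):
    """Return the canonical path under WEB_ROOT, or None if the request escapes it."""
    decoded = fully_decode(url_path)
    if decoded is None or "\x00" in decoded:
        return None
    decoded = decoded.replace("\\", "/")  # some servers treat backslash as a separator
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    # String-only check so the example runs offline; on a real filesystem also
    # resolve symlinks (os.path.realpath) before comparing against the root.
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate

# Constructed request lines for illustration, not captured from any device.
SAMPLE_REQUESTS = [
    "GET /status.html HTTP/1.1",
    "GET /docs/../status.html HTTP/1.1",
    "GET /../../config/device.cfg HTTP/1.1",
    "GET /%2e%2e/%2e%2e/config/device.cfg HTTP/1.1",
    "GET /%252e%252e/config/device.cfg HTTP/1.1",
    "GET /..%5c..%5cconfig%5cdevice.cfg HTTP/1.1",
]

def flag_traversal(requests):
    """Return the request lines whose path resolves outside WEB_ROOT."""
    return [r for r in requests if safe_resolve(r.split()[1]) is None]

if __name__ == "__main__":
    for line in flag_traversal(SAMPLE_REQUESTS):
        print("blocked:", line)
```

The same `flag_traversal` function can be pointed at a proxy or firewall log in front of a printer that cannot be patched yet, to see whether such requests are arriving.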
Comments received
Baskaran said on Mon, 09 Feb 2009
Thank God - HP does not make pacemakers.