QUOTE
24 December 2011, 15:12
Firmware update mitigates HP's LaserJet printer security problems
HP has released a firmware update for some of its LaserJet printers, aimed at mitigating the risk posed by a vulnerability disclosed in late November. The company stressed that it will be "communicating this proactively to customers and partners" – though not, it seems, just yet, with the press release on the update giving no details of the changes made by HP and failing to reveal which devices the new firmware is available for.
On the affected models, updates have always been supplied without a digital signature. The devices will just accept and install any firmware they are given. A crafted print job sent from a Linux or Mac system can also, in some cases even remotely, trigger a firmware update, allowing an attacker to inject code and take control of the printer.
According to a report by MSNBC, in one test, the University of Columbia researchers who discovered the vulnerability were able to cause the fuser unit to overheat. HP, however, denies that the vulnerability could be used to cause a fire, stating that the presence of a thermal breaker upstream of the fuser prevents overheating.
(djwm)
More:
http://www.h-online....ms-1401292.html


