When buffer overflows in printers become a risk
Nowadays, administrators have to keep an eye on more than just the security of servers and desktop computers. Even mostly inconspicuous peripheral devices such as network printers can present security issues if they contain vulnerabilities.
Xerox has just released a patch(direct download) for its WorkCentre 5735, 5740, 5745, 5755, 5765, 5775 and 5790 products to fix a buffer overflow in the SMB (Samba) service of these printers' integrated server. The hole could allow remote attackers to break into a system and make unauthorised configuration changes, said the vendor in a security bulletin.
Reportedly, successful attacks on the multi-function printer could potentially also be exploited for industrial espionage. The devices have printing, scanning and copying capabilities and tend to store documents on an internal hard disk. Depending on the model, data may be retrievable as plain text. While Xerox has occasionally released security updates for its products in the past, the current issue has been known for almost a year and has, for example, long been fixed in various Linux distributions.
However, other companies such as HP have also had to solve similar device security problems. At the ShmooCon conference in January, two pen testers gave an impressive demonstration of how to remotely access corporate network printers. Products by Canon and Toshiba are also said to be affected.