Search My Blog

Thursday, November 29, 2012

Samsung Printer firmware contains a hardcoded SNMP community string - US-CERT Vulnerability Note VU#281284



Here's another Printer Network Backdoor to watch out for...

Don

Vulnerability Note VU#281284

Samsung Printer firmware contains a hardcoded SNMP community string

Original Release date: 26 Nov 2012 | Last revised: 29 Nov 2012

Overview

Samsung printers contain a hardcoded SNMP community string that could allow a remote attacker to take control of an affected device.

Description

Samsung printers (as well as some Dell printers manufactured by Samsung) contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility.

Impact

A remote, unauthenticated attacker could access an affected device with administrative read/write privileges. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and possibility the ability to leverage further attacks through arbitrary code execution.

Solution

Samsung and Dell have stated that models released after October 31, 2012 are not affected by this vulnerability. Samsung and Dell have also indicated that they will be releasing a patch tool later this year to address vulnerable devices.

Block Port 1118/udp

The reporter has stated that blocking the custom SNMP trap port of 1118/udp will help mitigate the risks.

Restrict Access

As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location. (e.g. Using IP filtering and Mac address filtering)

Disable SNMP protocol

Samsung is advising end users to disable SNMPv1, 2 or use the secure SNMPv3 mode until the firmware updates are released.
*Note that the vulnerability reporter has stated that the community string that remains active even when SNMP is disabled in the printer management utility.

Vendor Information (Learn More)


Read More...
http://www.kb.cert.org/vuls/id/281284

News 11-29-12
Hackaday Links: November 29th, 2012
WASD Keyboards: Individual Custom Keycaps
MSP430 Spectrum Analyzer - YouTube
Through hole plating and milling at home
MariaMole – an alternate Arduino IDE aimed at advanced users
Best Free Software to Cut or Merge Audio Files
General Assembly Grants Palestine Upgraded Status in U.N. - NYTimes.com
Mercury Home to Ice, Messenger Spacecraft Findings Suggest - NYTimes.com
U.S. Draws Blueprint for an AIDS-Free Generation
How to Tie a Windsor Knot: 10 steps (with pictures) - wikiHow
Most Accurate Projection of Polar Ice Melt Produced to Date
A 60-Million-Year Debate on the Grand Canyon’s Age - NYTimes.com
Gstaad Switzerland Vacation Travel Reviews - hotels, resorts and activities
Researcher reveals backdoor access in Samsung printers | ZDNet





No comments: