Printers - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Printers


Canon MFPs Vulnerable to FTP Bounce Attack



 By: Ryan Naraine
2008-02-29
Article Rating:starstarstarstarstar / 16


There are 1 user comments on this Printers story.


Rate This Article:
Poor Best
The vulnerability affects 20 Canon multifunction printers and could allow remote attackers to redirect traffic to other sites via the PORT command.

Researchers at Indiana University have raised an alert for a difficult-to-fix vulnerability affecting certain Canon Multifunction printers.

The flaw, which affects about 20 different Canon MFP models, could allow remote attackers to redirect traffic to other sites via the PORT command.

This issue is known as FTP bounce and is related to an old issue in FTP servers that lets remote attacker to connect to arbitrary ports on machines other than the FTP client.

According to the Indiana University advisory, the following Canon products are affected:

  • imageRUNNER 2230/2830/3530
  • imageRUNNER 3025/3030/3035/3045
  • imageRUNNER 2270/2870/3570/4570
  • imageRUNNER 5070/5570/6570
  • imageRUNNER 5050/5055/5065/5075
  • imageRUNNER 8070/85+/9070/105+
  • imageRUNNER 7086/7095/7105
  • Color imageRUNNER C3220/2620
  • Color imageRUNNER C2880/3380
  • Color imageRUNNER C2550
  • Color imageRUNNER C4080/4580/5180/5185
  • Color imageRUNNER LBP5960
  • Color imageRUNNER LBP5360
  • imageRUNNER C3170
  • imageRUNNER C5800/6800
  • imageRUNNER C5870U/6870U
  • imageRUNNER C5058/5068
  • imageRUNNER LBP3460
  • imagePRESS C7000VP
  • imagePRESS C1

[ Also see: Multifunction Printers: The Forgotten Security Risk ]

Resource Library:

Canon has acknowledged the issue in an alert (PDF) that warns that an attacker may be able to scan networks that are not otherwise accessible. "An attacker may also be able to conceal the true origin of a port scanning attempt," Canon said, noting, however, that information in the network host cannot be obtained via the affected printers.

Nate Johnson, the lead security engineer at Indiana University who reported the issue to Canon, said the available firmware updates that fix the vulnerability "are not user-installable."

"[Patching this] requires a service-technician call from a local Canon Authorized Service Dealer," Johnson said.

As a temporary mitigation, Johnson recommends:

Disable FTP printing:

  • Navigate to Additional Functions -> System Settings -> Network Settings -> TCP/IP Settings -> FTP print.
  • Set FTP print to OFF.

Protect FTP printing with username/password credentials:

  • Navigate to Additional Functions -> System Settings -> Network Settings -> TCP/IP Settings -> FTP print.
  • Set "user name" and "password" for the FTP print functionality.

"Additionally, best practices suggest that access controls and network firewall policies be put into place to only allow connections from trusted machines and networks," Johnson said.





  Reader Comments: Canon MFPs Vulnerable to FTP Bounce Attack
>>> Post your comment now!
A user comment on this article
Ryan Naraine here with a question for the readers. Do you include printers and other MFDs in your regular patch-management strategy? If not, why not?
Posted At: 02-29-08
By: Ryan Naraine
>>> Post your comment now!
 

 
 
>>> More Printers Articles          >>> More By Ryan Naraine
 


x}ks㶲*Q3Co{)ْ:c[>fIm"!1Eꐔ=N6~bvKJcs7ؖnt7F; IM ל۔O]sSãw$5]2I=*rdz&9%G jL7R}f]S kkL|Nშ :':@.Pk< Z535ԗoˏ~e0-ڎIQ6)֐Nմ<ش$)qH#ѺC(D}%k[ tVN oT| pTƖþ=az5EhDԸ#|x\'gώɀYgF {.Qu^?C2]hj:TN`Uƞfnڭaㅰ A=c9p= ^- Go&lwsDƞ4HC d"LJ^`:tm3G^C]õ]\./RF͌eCwtSz3]gԏPL0H6=~0[ QM%$7 .lqjk0~b[>4I :]Uh?BWuomzV[ucϝ;!{I̖%X䄍ER'>6O( |@I uBģzr(˺79hmyaijTӪrT5X;rދWcm9Ne,oF}޹RV5MQjUu7ںs m)kCq9}r>?'7;A:@o&boDR˅4D>-āVP= u/kzQҏZ[^ ԊhGZAAvIna̳| 3+i3*5dNߒ-~k~>EYf0ZhCA+tW?#;ˠjqsںy\7=rڽ&Iŝ{N4ps Zʿ\vO^SQ&:aZ+U#3\$>wNHN‰,-YtǷP[,/s$BrZT|Y|ěy30si2)>ML9X@/@ש#W4j5t-Mn #dLi&ͭzh-Aho*KLru&@Sk~$M ]5ņ])!exFSmR—U/(AK/- 5f>]R${3BDȝ`g@ BD4?CzC0&pt/\~5M.΃awWʲ9QY +K\M흙ޢG\zfuEzW^?]{6LqJjpX.B2iKB0qjۛZ\MWJPX=*‹JMU~ _p-~~b2B cgLt tA`::)~ҧ#|>5և$!|Бdmxq=Z.3+ЍEXn`Nt&h`㻣^h>[W <{ C 0ԟsZ LP#wC۠h&r=kIׇ.[?? ; G`p]&; xk =`DVt#` V< 2/?>axs݀ܧP}-jMtև &QsnPBΨ(~9-WR/^`y" EEKy3@ $h5az.? ŊޑvZ*&RP*m=!ԑt݁Z*}-΍gR1eb -d[b~Il eV&vϏaZLboD6], S m,'Z Xk5 Z)m *LBOzgؕJVȊ*/ğ/w<-qF΍`?[^0&1 7R'~Xz /,ÂIșuS9=L{"z [q37Oj7ab< #~Sˀ)4+9pPs >`|=-0Xհݹ2|dܣ%}?p*JNCjVzv}n7MAV?kp6+ s&rG|媞5 jx0?3\LdFfkД Sլ LyG).EwJl㜜;F]s;tOִYWo%<4Hյ݋$/gcP*KúJjp ~7Bj^¢ym<2D֑`9HM^>V "fˣQ4lJ jIo2@n=ȢmD jrA5 )Kۊ7q~4EiZ\-}sf8, J; HoIJ*6*SXSĝyд\"қy}@n&zg@>:`3ǟGRlC2DhQ+}ne@ͤԪ)X[3T2.Q\&V,'`#z3F K~,Y\Xϗ+]65e&@0oʵLuzh< VȲO[:٤ RTw֐~3KJAUc?$i?怚H|A2exL,`_#׶lʠ::7HҜ!ȅ@:*ZC c"Dk_(+ `k受Aܧ^Ǭv"5w.Bāh<.Z6[Ro==>ئ\Q݂+6E)'>5 cd]Dz@4`D pHE&A|Zkhp \@U.(L19r2b*X[PTB$ᦼ6t߂ĒbtXQ =j={e|h322 yㅤZ JLo39*GERgD+ϏxWG"MϨH_ଯ? p&7XfiY8As>s.y >{VN0aE>yL Z<|˰"U` }JZYPIb+ģCYV WMU~tV8V|<@? v: C\4!<}o4pf mWq=YJkjXXRO-x[zGs-" ,rֽm?ReW_1"Qevoqe(Dkp?F]S؇Qgm/RU *~e;:zoR.E׌Lt0ȐNǝWlȡTh 8UnF* ϛ=G$1*@7Z ɖ~gVɲ Ն'y>cIV`]j[|8.SoJ@?(1t1Տ'8*z)OcʜEo(SYmq'&F.҄^\fvmvLTcdPR6Z|b\).3Gzz`WPjjzL*>ɧMC 7PZ[#^$}=֢,A7ud*+ZR<* ZlmM l⊗qXCKτkox~E 6-2j=kR`J%¸_v^Iў@>b2at53yp0͎s-$NM6fĺ}aHq+$˴I>N0atA*¾G.CGf﩮 Ϛ8_arOn{W90J$7rQӊ5JR}'0Lp ( rZ: GYdQ.|eR)*`7%ɠK= j ;!O}+tSZ1wOXO\dK!OWƒ"'!Z+53,qvë eVqm^?3Z cS7W_(1@sE1 7k{J~Zg^pR t(+g}e_:m^tο&~?<u!aa="g·~"`}f_Xj\.0MC~:χtD`UueK\4?p-6z_5ރ6 `i8~{D(}ׇ7{9gEU\~; yFh0Z< hq^8K%y;"˶u ߽< rDpAjw>\'d0| srn^7b ` xѤ8"F<$Øύ ^!m Be\׭5g^|%V}Xhr!slP6h4'lC/ؿ+[̚_f·ńB?JNx0(G@RPOh[#ZyKtZ;3Ğw}dh !:Ua2"(BS.iDO§,>^79Sj6_}FF/JN^vR-[N7c+t,GD_q+5sz4~ \1Z9n|&B2^'68;=h)ڏHB"a.A-H7ܾN9$4qJh"g:Q;6?m[ħ{, /䎑=;SL&SQ([4wiQ-uyjtJ1SBͥ`L8M\gwhG(V=w9c24aϝ*hu5nWe gNuAHK.}<﷯IK 09nJs t#k5yׅO>4wX\/f9#- L_:ؓ9NA}i^w7Uzy J}~Nl/t:D(jy[a{wCȪ̅S.{ۋNgS^q,<ctH_/lځ{-3(#{F-޸_2{K7Kx=*~gLw.z@z@pw6{Zg%QJW=(qM@jjiAr\<~^YZ䑽DHڃ}co[#D:*pctOx'Kmh<~or:? G Ofxf79g; 96@$Th\[w5%pRx25y(1h4Rwot8lv4W -~@k=Ǭ!#qZ$$\}1 ߊ;bE Qmi|o(o'򽥎xknRS*/9;LmZS|  \(\@Ӟ _'2>Zl뎟2d]'G//M&KΩnb<;4 CM\@~<:] ֑5`JSYxF`"iter„yy2j ot%/tkqX%I#ąu{ϐ;Po<7ZD!k4:DMM%'n &ζ55 Ji4`VgO&.;Zdz/auUBh/K/$y& >#^B0W=F2+v9:)6zb:9|'Cq$ܲeA0X2j-l1t٢@8ONbƌu)"! :˵2l`fX\-DVچ&.0k.#3ȉ+"|p4aYDx?ؐ`ÆzHX1=܂dݽCjώuXaiB\OG֗cI+,҈ 1(@Iϸ*8ЅdcБϜq}OSVf{T "4rU{7&&O~`%~Ӟ߮)C=E.y Rw.}۠9*  )O&;ҕ=7X9KT_ݎb*6ͲyZiZfGRT/+ή,A?0WỒ\ =W7cJ|{IXi@BODp-.ap_>B!qFƓ^߉#+Iji[>#4?S[糐1|n۰3E5Y|A`$F"`$ʖFtxG+2w5 0\\Z+U%nX\MA (OH]o;"ISN;ao@LZzu=C:M1վ W{OJY zbNLyGo|uٓNtcvkJx6q@/LdAf߳kD3ْ /OP4`MĈ{L@jOg@eN`҅wԑMl'eFHY!n$M|>O! l6$볓d-^?w70㸾?TGR*Xf;l3dݼ"ޗJ-n]Sph g7@Hy5w=ȷְGX@3ْ q/UA3駖}װɍ9NUDxCb8ןJbX5"dom6"%!z85J_Ua& _,_3I'm1fK@Ms˻t~(Xǰy`f҉E8W&D4GcwO#]^t0di.](&* ߔxc9}3QtF|kCp5s=ǎ+[O1,gioJ{4tʊa8Kw)Z!NƓAbpW Cꃆs0Ɵ/# hmd`J84<7B`^t4D$D1o}kwG"JjI9}\v]Qw+IjkS0SU_/N@"&45@z3δwĽky aI pѵ!UM3`j9V  Ѱ+lyȋ$ᮐF043wrk")^=7_E=y2;MS 3+smvmG Q8kvmYo'֌fr*A-[oG6௶eul:s/2=}6dUoko#fyN;mV)Kjhk>;ݲ|6Lzlï^Jif-e։5)MV$HS&e>m~^xp==|Gc98\"O~{k҃>?w}<-ϧ;2(P1͟5?}rg闶UдyHoDD#ঀ_Ӷ~*f;@ X|2'.2b݅$'>?Fwm:ZGsB,o|w-@,--#| lvBy5F?PM={]DntQ+:vHr@YmӶ|4>(C^PB^]’5M=1P7nǞ;wHUWkm:+ ,5 "Y"'"KIE/]^|`.rl?QX2zLzm/-Iyp\oKy6qN"F drRB.]sI *JM]-OQ/ ]ZX,:~eL<_AF+3}&5fL1P;qU6'a<::BߔN@JVH4isrCQͧ58sMbSsܴܧ5̈ ZOkafܗM,J;7^6]4_q=!o7ݝAfnVu&&F/ހmQOa)oc,w{2@a2C`m 4,\ ,+\πTnA4`}"^R%|;E@t`2'Jİo4ZߑVPJj\=@y^iwqݗǮV5U*5YQaڴŪZ#x遇I\1ڣnc̝ JZP-0o@; Dդ'>[S(qZ:<~Q-DR!&҃ߊZg|֢@O `ƖC/0Ÿn54Q.TڕWěb .8 ^`w׭kd %̰HZ۠[*н<%hPY۫u2;˴@lfmmIU+ ַg%.04%n ͦLwtc2h過DқQq߶~mx+s\1oiB.&ڰkW1儔JzN[Ļeŧ1iL(_F1@> p#S CR,6$A.kh>a`{OR(ժۣV_d@2<rWW|-]͒cc:&Օ I.o Arj;#4، Pm̼܏@GBS}o }#b2zt]Ř)׀gڐUBa=X *>IoR7PGP56iC p77Gf\oz~}C@,B UTE:KY;nqt8@ CO 2y»ɹcMNVBE< ,iMYC) Q?\emDRPiFctkXaٌ6g3Mm/u z4((?,p E {GLƙ;fQy#H-D t]\VP*@J>QeAm??&­!Rjs# 9o),a4`\Xg S$[a8tv'+ӬNCj; S Zgk;Λ}-AG,G71=` ?vgT.us x\jHO"cPB<_DB^[ zg~&Jb+ 2| =<RXX_1[> MꪂOJѽ$cU-]Vo7) ;ee[ =M蕴B^Ȉq~/w_Ч6#&Dwn`9ͫ/{M&OǽUӽ$ 9¶V-r5uw[_NW_N;eSyxal\_d_T 3',C rzټh3;eNq(Wiĵ,<^;OKvY Gcqq L;|?@)Qe;ʋ Q~4ab_1oZ^O˦V\k!l?gg:^X3rZOmL~i7xE:X)` ѯ\js@1@C|kO{5Bx_m;g@/P~ (By794h3Od})4>2Z_~5:;\(u2eF9\c/ Y_~3_5%s_d/}/2{ȠE^^d'esFeQ~0{ s!?0~ׅw3?]/ rqWU?{^}~ח_sV99@rߛ o2ڿ\'I73y S*Rq/2苬+ OY射<(Ay>++P/nt3 ث : ?3/z^}NV&/n+^a芪g-5nk ǸJuv^_BKHe^#(,8%Y}MNJ 4tk 7b[yDYAI{R}tEI>t𞫫i@Lw<-cENj).~QJxdB$h{U26#{"tfE}b>s2 'Gz5z[G$QN=PW].6pqSn$/ 5` }ZExvY^]Yj7-P/YCP>YlفGhO WYb-Jbġ${z\r'܌3:X\w{Ai__6WmЙO>AݷDB$p G;w0d<_gO15EL=C}54]MWit{cv]@7maHfT.jZQo\)Uʹ俓k$2 z@ vqITMVYI2ZYrF(RB4|;یW)57tSs@_XE25<>Mqgq%B4;Po.@cmc߻C{ zx u1?BeD˺&bg(L '(|_s˸ [-FlXjXEr 9;9_\$ǖ~} I!Xpb)HC+Z<0;b L5=54 pfT-,_:znҸxQt~ϙIq͘Y>qU|5h_u$HbVHm7c@ԯJ`Xkt JV7B3Ff\rw^f$W"r';7} {PxX8 7tgG=םPĚqwhO!Mv fB~.].g~1'~#pIdh/ 0S$Oˌ%4n' ̿ u3 p5H>&?[rt x8" "H "s{D|%ijP%n3!%؉G׾Є2K`9ao5RFXk;MAx*Lt6q>xMkuN>>gv cTF\|gȌa)x܃AR(~hDmz^DltΖbOE0^Rls]q5{tϘHmgX|@ăHv!$[Wp[2G$!|c*=S3m-(E'.r}7 |Iɳdv/+ 0bŽ%Ov#HYUҎ_Z}$+t#R.܋OFې/)0XPy4w<pI>0)n9wlƋrd{Gog#+nv˧D'>6كl2p}ρ!XsCQ%7` ={lzQڃ`+gp ?dt;b[p?xM֧2QTD )Ybd휙/699jbE Ǣ8"U];x[9ԋO0xmѕhOyql>-/#]^$&+$~Il=fu+Wrcd+{f:e^Ńl'!R!TyX^c 0У,*0lushՆGXƸ[[) qy6`;Щ0DM.vj]nJQXƺa#®u4mvщ߉n^3QaW_A@`U\3zf7tZ35ZBO\3 9!j1Bi>eY1:ä޳`=`Z>^}]x O!0gWPR Y -f1%IDb88)ҡCCĞB4fƲ 7cP.Wd]-'oB@:S .xBG,?ɋ|P 399.@OI"cXM1}aE|S!D!6{xvYpEI{C[7nyq˖VQ(ZNN`XfչC%ȕ/-F#-<#@5̺J"<&/)FҢpL\岞Ԕb}{7 p6JL?-۔̡9MR"GZi/%!&k+EiQ}*' ean%nǝl| n%96G\[ Pqs $