16-year-old security bug affects millions of HP, Samsung and Xerox printers

by



[ad_1]

Details have emerged of a high severity security vulnerability affecting a software driver used in HP, Xerox and Samsung printers that has not been detected since 2005.

Plotted as CVE-2021-3438 (CVSS score: 8.8), the problem relates to a buffer overflow in a print driver installation package named “SSPORT.SYS” which can enable remote privileges and the execution of arbitrary code. Hundreds of millions of printers have been released around the world to date with the vulnerable driver in question.

However, there is no evidence that the flaw has been abused into real-world attacks.

Stack overflow teams

“A potential buffer overflow in the software drivers of certain HP LaserJet products and Samsung product printers could lead to privilege escalation,” according to a notice published in May.

The issue was reported to HP by SentinelLabs threat intelligence researchers on February 18, 2021, following which solutions were released for the affected printers on May 19, 2021.

CVE-2021-3438

Specifically, the problem is that the printer driver does not clean up the size of user input, potentially allowing an unprivileged user to elevate their privileges and execute malicious kernel-mode code on them. systems where the buggy driver is installed. now

“The vulnerable function inside the driver accepts data sent from user mode through IOCTL (input / output control) without validating the size parameter,” SentinelOne researcher Asaf Amir said in a shared report. with The Hacker News. “This function copies a string from user input using ‘strncpy’ with a user-controlled size parameter. Essentially, this allows attackers to override the buffer used by the driver.”

Prevent ransomware attacks

Interestingly, it appears that HP copied the driver functionality from an almost identical Windows driver sample released by Microsoft, although the sample project itself does not contain the vulnerability.

This is not the first time that security vulnerabilities have been discovered in old software drivers. Earlier in May, SentinelOne revealed details of several critical privilege escalation vulnerabilities in Dell’s firmware update driver named “dbutil_2_3.sys” that have not been disclosed for over 12 years.



[ad_2]

Source link