Home / Technology / 16-year-old security flaw affects millions of HP, Samsung, Xerox printers

16-year-old security flaw affects millions of HP, Samsung, Xerox printers



There have been details of a high-severity vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has not been detected since 2005.

Trace as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a printer driver installation package called “SSPORT.SYS” which can enable remote privileges and arbitrary code execution. Hundreds of millions of printers have been released worldwide to date with the current vulnerable driver.

However, there is no evidence that the error was abused in real-world attacks.

Stack Overflow Teams

“A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privileges,” according to a statement released in May.

The problem was reported to HP by threat letter researchers from SentinelLabs on February 18, 2021, after which remedies were published for the affected printers from May 19, 2021.

CVE-2021-3438

In particular, the problem is due to the fact that the printer driver does not clean the size of the user input, which potentially allows an unprivileged user to escalate privileges and run malicious code in kernel mode on systems that have the buggy driver installed. now

“The vulnerable function inside the driver accepts data sent from user mode via IOCTL (Input / Output Control) without validating the size parameter,” SentinelOne researcher Asaf Amir said in a report shared with The Hacker News. “This function copies a string from the user input using ‘strncpy’ with a size parameter controlled by the user. This essentially allows attackers to override the buffer used by the driver.

Enterprise Password Management

Interestingly, it seems that HP copied the driver functionality from an almost identical Windows driver example published by Microsoft, even though the trial project itself does not include the vulnerability.

This is not the first time security flaws have been detected in old software drivers. Earlier in May, SentinelOne revealed details of several critical privilege escalation vulnerabilities in Dell’s firmware update driver called “dbutil_2_3.sys” that were not disclosed for more than 12 years.




Source link