16-12 months-Outdated Safety Bug Impacts Hundreds of thousands of HP, Samsung, Xerox Printers

Particulars have emerged a few excessive severity safety vulnerability affecting a software program driver utilized in HP, Xerox, and Samsung printers that has remained undetected since 2005.

Tracked as CVE-2021-3438 (CVSS rating: 8.8), the problem considerations a buffer overflow in a print driver installer bundle named “SSPORT.SYS” that may allow distant privilege and arbitrary code execution. A whole lot of thousands and thousands of printers have been launched worldwide to this point with the susceptible driver in query.

Nevertheless, there is no such thing as a proof that the flaw was abused in real-world assaults.

Stack Overflow Teams

“A possible buffer overflow within the software program drivers for sure HP LaserJet merchandise and Samsung product printers may result in an escalation of privilege,” in response to an advisory printed in Could.

The difficulty was reported to HP by menace intelligence researchers from SentinelLabs on February 18, 2021, following which remedies have been published for the affected printers as of Could 19, 2021.


Particularly, the problem hinges on the truth that the printer driver would not sanitize the dimensions of the consumer enter, probably permitting an unprivileged consumer to escalate privileges and run malicious code in kernel mode on programs which have the buggy driver put in. now

“The susceptible operate inside the driving force accepts information despatched from Person Mode through IOCTL (Enter/Output Management) with out validating the dimensions parameter,” SentinelOne researcher Asaf Amir said in a report shared with The Hacker Information. “This operate copies a string from the consumer enter utilizing ‘strncpy‘ with a dimension parameter that’s managed by the consumer. Primarily, this permits attackers to overrun the buffer utilized by the driving force.”

Enterprise Password Management

Apparently, it seems that HP copied the driving force’s performance from a near-identical Windows driver sample printed by Microsoft, though the pattern undertaking in itself would not comprise the vulnerability.

This isn’t the primary time safety flaws have been found in outdated software program drivers. Earlier this Could, SentinelOne revealed particulars about a number of crucial privilege escalation vulnerabilities in Dell’s firmware replace driver named “dbutil_2_3.sys” that went undisclosed for greater than 12 years.

Source link