Difference between revisions of "Code execution"

From Hacking Printers
Jump to: navigation, search
(Created page with "''Currently, the following denial of service techniques are discussed in this wiki:'' * Buffer overflows – Smashing the stack based on unsanitized LPD and PJL i...")
 
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
''Currently, the following denial of service techniques are discussed in this wiki:''
+
Any computer system may be prone to malicious code execution. Printers are no exception. While there are numerous potential attack vectors, two standard ways of importing foreign code are present in most of today's printers and MFPs by design: the ability to perform firmware updates and to install additional software packages. Furthermote, a short introduction to the danger of buffer overflows in embedded devices is given.
 +
 
 +
''Currently, the following techniques to achieve code execution are discussed in this wiki:''
  
 
* [[Buffer overflows]] – Smashing the stack based on unsanitized [[LPD]] and [[PJL]] input
 
* [[Buffer overflows]] – Smashing the stack based on unsanitized [[LPD]] and [[PJL]] input
 
* [[Firmware updates]] – Deploying malicious firmware through ordinary print jobs
 
* [[Firmware updates]] – Deploying malicious firmware through ordinary print jobs
 
* [[Software packages]] – Installing custom software on MFPs and printer devices
 
* [[Software packages]] – Installing custom software on MFPs and printer devices

Latest revision as of 18:22, 15 January 2017

Any computer system may be prone to malicious code execution. Printers are no exception. While there are numerous potential attack vectors, two standard ways of importing foreign code are present in most of today's printers and MFPs by design: the ability to perform firmware updates and to install additional software packages. Furthermote, a short introduction to the danger of buffer overflows in embedded devices is given.

Currently, the following techniques to achieve code execution are discussed in this wiki: