Mailinglist Archive: opensuse (1108 mails)

< Previous Next >
Re: [opensuse] Fax vulnerability
On 2018-08-16 18:08, Anton Aylward wrote:
On 2018-08-16 11:34 a.m., ken wrote:
It the past few days it's been announced that there is a vulnerability
in many "fax machines" (more accurately, all-in-one printers with fax
capabilities).  I've tracked down and downloaded a tarball, but have
found very little info about it. The contents of the tarball look like a
mix of a website and a python program with some C code and printer
drivers and other stuff thrown in.  Should I start wading through all
that, or will there be an update coming out from Suse?  I've got an HP
OfficeJet, if that plays a role.

Fax is about as secure as a land line.

However, the issue here is a very different one. It appears that sending
a particularly crafted fax to the fax machine opens a hole in it, the
machine can then be remotely (by phone) repurposed and used to attack
the network in which it is installed, send back faxes with information, etc.

To do this, first the hackers got one such machine and more or less
reverse engineered it in order to find holes in the code. And they found
them. Then they told HP about it, who has published patches and list of
affected models. But the attack is generic and might be used on other
brands, too.

Cheers / Saludos,

Carlos E. R.
(from 42.3 x86_64 "Malachite" at Telcontar)

< Previous Next >