Canon ImageRUNNER SMTP Arbitrary Content Printing

medium Nessus Plugin ID 14819

Synopsis

The remote printer has a denial of service vulnerability.

Description

The remote host seems to be a Canon ImageRUNNER printer, which runs a SMTP service.

It is possible to send an email to the SMTP service and have it printed out. An attacker may use this flaw to send an endless stream of emails to the remote device and cause a denial of service by using all of the print paper.

Solution

Disable the email printing service via the device's web interface.

See Also

https://seclists.org/bugtraq/2004/Sep/322

Plugin Details

Severity: Medium

ID: 14819

File Name: canon_print_by_smtp.nasl

Version: 1.21

Type: remote

Published: 9/24/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/23/2004

Reference Information

CVE: CVE-1999-0564, CVE-2004-2166

BID: 11247