CVE-2008-0303

Description

The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce.

Affected products

• Canon / imagepressc1 – c1
• Canon / imagerunner3045n – 3045n
• Canon / imagerunnerc4080i – c4080i
• Canon / imagerunnerc4580i – c4580i
• Canon / imagerunnerc5185i – c5185i
• Canon / imagerunnerc5870 – c5870
• Canon / imagerunnerc5870i – c5870i
• Canon / imagerunnerc5880 – c5880
• Canon / imagerunnerc5880i – c5880i
• Canon / imagerunnerc6870i – c6870i
• Canon / imagerunnerc6880 – c6880
• Canon / imagerunnerc6880i – c6880i
• Canon / imagerunnerclc4040 – clc4040
• Canon / imagerunnerclc5151 – clc5151
• Canon / imagerunner85plus – 85plus
• Canon / imagerunner105plus – 105plus
• Canon / imagerunner2230 – 2230
• Canon / imagerunner2270 – 2270
• Canon / imagerunner2570c – 2570c
• Canon / imagerunner2570ci – 2570ci
• Canon / imagerunner2870 – 2870
• Canon / imagerunner3025 – 3025
• Canon / imagerunner3025n – 3025n
• Canon / imagerunner3035 – 3035
• Canon / imagerunner3035n – 3035n
• Canon / imagerunner3045 – 3045
• Canon / imagerunner3170c – 3170c
• Canon / imagerunner3170ci – 3170ci
• Canon / imagerunner3180c – 3180c
• Canon / imagerunner3180ci – 3180ci
• Canon / imagerunner3530 – 3530
• Canon / imagerunner3570 – 3570
• Canon / imagerunner4570 – 4570
• Canon / imagerunner5055 – 5055
• Canon / imagerunner5055n – 5055n
• Canon / imagerunner5065 – 5065
• Canon / imagerunner5065n – 5065n
• Canon / imagerunner5075 – 5075
• Canon / imagerunner5075n – 5075n
• Canon / imagerunner5570 – 5570
• Canon / imagerunner5800c – 5800c
• Canon / imagerunner5800cn – 5800cn
• Canon / imagerunner6570 – 6570
• Canon / imagerunner6800c – 6800c
• Canon / imagerunner6800cn – 6800cn
• Canon / imagerunner7086 – 7086
• Canon / imagerunner7095 – 7095
• Canon / imagerunner7095p – 7095p
• Canon / imagerunner7105 – 7105
• Canon / imagerunner8070 – 8070
• Canon / imagerunnerc2380i – c2380i
• Canon / imagerunnerc2620 – c2620
• Canon / imagerunnerc2620n – c2620n
• Canon / imagerunnerc2880 – c2880
• Canon / imagerunnerc2880i – c2880i
• Canon / imagerunnerc3220n – c3220n
• Canon / imagerunnerc3380 – c3380
• Canon / imagerunnerc3380i – c3380i
• Canon / imagerunner_2620
• Canon / imagerunner_5000i
• Canon / imagerunner_5020
• Canon / imagerunner_6870
• Canon / imagerunner_8500
• Canon / imagerunner_9070
• Canon / imagerunner_c3200
• Canon / imagerunner_c3220
• Canon / imagerunner_c6800
• Canon / i-sensyslbp3360 – lbp3360
• Canon / i-sensyslbp3460 – lbp3460
• Canon / i-sensyslbp5360 – lbp5360

References

• MISChttp://www.kb.cert.org/vuls/id/568073
• MISChttp://www.securityfocus.com/bid/28042
• MISChttp://jvn.jp/en/jp/JVN10056705/index.html
• MISChttp://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack
• MISChttp://securitytracker.com/id?1019528
• MISChttp://www.usa.canon.com/html/security/pdf/CVA-001.pdf
• MISChttp://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000013.html