Description
The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allows remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce.
Affected products
- Canon / imagepressc1 – c1
- Canon / imagerunner3045n – 3045n
- Canon / imagerunnerc4080i – c4080i
- Canon / imagerunnerc4580i – c4580i
- Canon / imagerunnerc5185i – c5185i
- Canon / imagerunnerc5870 – c5870
- Canon / imagerunnerc5870i – c5870i
- Canon / imagerunnerc5880 – c5880
- Canon / imagerunnerc5880i – c5880i
- Canon / imagerunnerc6870i – c6870i
- Canon / imagerunnerc6880 – c6880
- Canon / imagerunnerc6880i – c6880i
- Canon / imagerunnerclc4040 – clc4040
- Canon / imagerunnerclc5151 – clc5151
- Canon / imagerunner85plus – 85plus
- Canon / imagerunner105plus – 105plus
- Canon / imagerunner2230 – 2230
- Canon / imagerunner2270 – 2270
- Canon / imagerunner2570c – 2570c
- Canon / imagerunner2570ci – 2570ci
- Canon / imagerunner2870 – 2870
- Canon / imagerunner3025 – 3025
- Canon / imagerunner3025n – 3025n
- Canon / imagerunner3035 – 3035
- Canon / imagerunner3035n – 3035n
- Canon / imagerunner3045 – 3045
- Canon / imagerunner3170c – 3170c
- Canon / imagerunner3170ci – 3170ci
- Canon / imagerunner3180c – 3180c
- Canon / imagerunner3180ci – 3180ci
- Canon / imagerunner3530 – 3530
- Canon / imagerunner3570 – 3570
- Canon / imagerunner4570 – 4570
- Canon / imagerunner5055 – 5055
- Canon / imagerunner5055n – 5055n
- Canon / imagerunner5065 – 5065
- Canon / imagerunner5065n – 5065n
- Canon / imagerunner5075 – 5075
- Canon / imagerunner5075n – 5075n
- Canon / imagerunner5570 – 5570
- Canon / imagerunner5800c – 5800c
- Canon / imagerunner5800cn – 5800cn
- Canon / imagerunner6570 – 6570
- Canon / imagerunner6800c – 6800c
- Canon / imagerunner6800cn – 6800cn
- Canon / imagerunner7086 – 7086
- Canon / imagerunner7095 – 7095
- Canon / imagerunner7095p – 7095p
- Canon / imagerunner7105 – 7105
- Canon / imagerunner8070 – 8070
- Canon / imagerunnerc2380i – c2380i
- Canon / imagerunnerc2620 – c2620
- Canon / imagerunnerc2620n – c2620n
- Canon / imagerunnerc2880 – c2880
- Canon / imagerunnerc2880i – c2880i
- Canon / imagerunnerc3220n – c3220n
- Canon / imagerunnerc3380 – c3380
- Canon / imagerunnerc3380i – c3380i
- Canon / imagerunner_2620
- Canon / imagerunner_5000i
- Canon / imagerunner_5020
- Canon / imagerunner_6870
- Canon / imagerunner_8500
- Canon / imagerunner_9070
- Canon / imagerunner_c3200
- Canon / imagerunner_c3220
- Canon / imagerunner_c6800
- Canon / i-sensyslbp3360 – lbp3360
- Canon / i-sensyslbp3460 – lbp3460
- Canon / i-sensyslbp5360 – lbp5360
References
- MISC: http://www.kb.cert.org/vuls/id/568073
- MISC: http://www.securityfocus.com/bid/28042
- MISC: http://jvn.jp/en/jp/JVN10056705/index.html
- MISC: http://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack
- MISC: http://securitytracker.com/id?1019528
- MISC: http://www.usa.canon.com/html/security/pdf/CVA-001.pdf
- MISC: http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000013.html