Canon imageRUNNER, Color imageRUNNER, imagePRESS, LaserShot devices contain a vulnerability known as "FTP" bounce when configured for network printing - Canon HongKong

28 Mar 2008

    Canon imageRUNNER, Color imageRUNNER, imagePRESS, LaserShot devices contain a vulnerability known as "FTP" bounce when configured for network printing

    Dear Customers:

    First of all, we would like to thank you for your undying support to Canon and our products.

    It has been found that some Canon imageRUNNER, Color imageRUNNER, imagePRESS and LaserShot devices * contain a vulnerability known as "FTP bounce" when configured for network printing. Engines using imagePASS, imagePRESS Servers, or ColorPASS devices for printing are NOT affected by this vulnerability.

    Overview

    In its simplest terms, this vulnerability is based on the potential misuse of the PORT command of FTP (File Transfer Protocol) in conjunction with the FTP Print function.

    FTP print is a print method that uses FTP commands; it is not used when printing from the printer driver. The FTP protocol defines the PORT command, which can be used to establish data connections to remote machines other than the FTP client. While this behaviour complies with the FTP RFC (Request for Comments, the naming convention used for internet standards and specifications), it exposes a potential vulnerability known as "FTP bounce", in which a malicious user may, if the FTP print setting is on, be able to use the device's FTP server to open connections that appear to originate from the device.

    Impact

    On affected devices, a malicious user may exploit this vulnerability to have the device's FTP server open a connection to another system on an arbitrary port. An attacker may thereby be able to scan networks that they would not otherwise have access to, and may conceal the true origin of a port-scanning attempt. However, information on other network hosts cannot be obtained via the affected devices, and information held on the affected devices themselves cannot be obtained or sent out.
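    As an added example that is not part of Canon's advisory: the server-side defence RFC 2577 recommends against FTP bounce is to refuse a PORT command whose address is not the client's own. The Python below applies that same check offline to constructed FTP control-channel log lines (a `client_ip COMMAND` format assumed here, not a Canon log format) so that bounce attempts against a printer's FTP print service can be flagged in review; the function and sample names are assumptions.

```python
import ipaddress
import re

# Constructed sample of FTP control-channel log lines ("client_ip COMMAND"),
# not taken from any Canon device. The second client asks the server to open
# a data connection to a third host on a low port: the classic bounce pattern.
SAMPLE_LOG = """\
192.0.2.10 USER print
192.0.2.10 PORT 192,0,2,10,7,208
192.0.2.10 STOR job1.prn
198.51.100.7 USER print
198.51.100.7 PORT 10,0,0,5,0,22
198.51.100.7 LIST
"""

# PORT h1,h2,h3,h4,p1,p2  (RFC 959): address octets then a 16-bit port, high byte first
PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$",
    re.IGNORECASE,
)


def parse_port_arg(command):
    """Return (ip, port) for an FTP PORT command, or None if it is not one."""
    m = PORT_RE.match(command.strip())
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(v > 255 for v in fields):
        raise ValueError("PORT argument octet out of range")
    ip = ".".join(str(v) for v in fields[:4])
    port = fields[4] * 256 + fields[5]
    return ip, port


def is_bounce_attempt(client_ip, command):
    """The RFC 2577 check: a PORT whose target is not the issuing client, or a
    privileged port (< 1024), should be refused by the server and is flagged here."""
    parsed = parse_port_arg(command)
    if parsed is None:
        return False
    target_ip, target_port = parsed
    return ipaddress.ip_address(target_ip) != ipaddress.ip_address(client_ip) or target_port < 1024


def find_bounce_attempts(log_text):
    """Scan 'client_ip COMMAND' lines; return (client_ip, target_ip, target_port) per finding."""
    findings = []
    for line in log_text.splitlines():
        client_ip, _, command = line.partition(" ")
        if is_bounce_attempt(client_ip, command):
            target_ip, target_port = parse_port_arg(command)
            findings.append((client_ip, target_ip, target_port))
    return findings
```

A printer's own FTP server that enforces the same comparison on every PORT command (or has FTP print turned off, as in the Resolution below) cannot be used as a bounce relay regardless of who authenticates.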

    Resolution

    To help prevent misuse from occurring, please implement one of the following countermeasures from the device User Interface:

    If you do not require FTP print, turn the FTP print setting off. The steps are:

    1. Navigate to Additional Functions, choose System Settings, Network Settings, TCP/IP Settings, FTP print.
    2. Set the FTP print to OFF.

    If you require FTP print, set a username and password for it. The steps are:

    1. Navigate to Additional Functions, choose System Settings, Network Settings, TCP/IP Settings, FTP print.
    2. Set a "username" and "password" for the FTP print functionality.

    To all customers using the products in question, we extend our sincerest apologies for any inconvenience resulting from this advisory. To ensure that all Canon customers can continue using Canon products with confidence, we will make every effort to achieve the highest levels of quality possible and humbly request your continued support.

    Should there be any further enquiries, please feel free to contact our Customer Care Hotline at 852-3191-2333.

    Canon Hongkong Co., Ltd.

    * Applicable Models

    Digital Copiers

    - iR C2620/ C2620N/ C3220N
    - iR C6800/ C5800/ C5800N
    - iR C3170/ C3170i/ C2570/ C2570i
    - iR C3180i
    - iR C5870i/ C6870i
    - iR C5185/ C5185i/ C5180/ C5180i/ C4580/ C4580i
    - iR C2880/ C2880i/ C3380/ C3380i
    - iR 2270/ 2870/ 3570/ 4570
    - iR 2230/ 3530
    - iR 6570/ 5570
    - iR 3025/ 3030/ 3035/ 3045
    - iR 5055/ 5065/ 5075
    - iR 9070/ 105+
    - iR 7095/ 7105
    - imagePRESS C1
    - imagePRESS C7000VP

    Laser Printers

    - LaserShot LBP5960
    - LaserShot LBP5360
    - LaserShot LBP3360
    - LaserShot LBP3460
