Vulnerability

    QMS 2060 printer

Affected

    Those running QMS 2060 printer

Description

    Frank Bures found following.   There's a gapping security hole  in
    QMS-2060 network printer that enables a root access to the printer
    WITHOUT password  protection.   According to  the printer  manual,
    one has  to install  file passwd.ftp  in the  printer in  order to
    establish eligible users and their passwords.  After the file  has
    been  installed,  all  the  users  mentioned  in  the file HAVE to
    provide their passwords  to log on  the printer EXCEPT  root, even
    if root and his password are explicitly mentioned in the file.  It
    means that  ANYONE can  log on  the printer  as root,  rewrite the
    passwd.ftp file with  an arbitrary file  and disable an  access to
    the printer to anyone else.  This person can also change the  file
    hosts, that  list machines,  which are  allowed to  connect to the
    printer.  So, anyone can  rewrite passwd.ftp file and hosts  file,
    print out hundreds of pages directly from his own machine  without
    being registered  by the  lp accounting  system on  the server and
    then put the original files back to cover his tracks.

Solution

    After  lengthy  investigation  with  the  QMS  customer support it
    became apparent, that this it not  a bug but a feature.   In order
    to make root password protected  one has to buy a  "security key",
    which is a little DB-9 plug  (sort of a dongle), which is  plugged
    in the matching  connector at the  rear of the  printer.  One  can
    then  establish  a  root  password.   BTW  the  DB-9  dongle costs
    CDN$177.10!  No comment.