TUCoPS :: Network Appliances :: qms1.htm

QMS 2060 printer Passwordless Root Exploit

    QMS 2060 printer


    Those running QMS 2060 printer


    Frank Bures found following.   There's a gapping security hole  in
    QMS-2060 network printer that enables a root access to the printer
    WITHOUT password  protection.   According to  the printer  manual,
    one has  to install  file passwd.ftp  in the  printer in  order to
    establish eligible users and their passwords.  After the file  has
    been  installed,  all  the  users  mentioned  in  the file HAVE to
    provide their passwords  to log on  the printer EXCEPT  root, even
    if root and his password are explicitly mentioned in the file.  It
    means that  ANYONE can  log on  the printer  as root,  rewrite the
    passwd.ftp file with  an arbitrary file  and disable an  access to
    the printer to anyone else.  This person can also change the  file
    hosts, that  list machines,  which are  allowed to  connect to the
    printer.  So, anyone can  rewrite passwd.ftp file and hosts  file,
    print out hundreds of pages directly from his own machine  without
    being registered  by the  lp accounting  system on  the server and
    then put the original files back to cover his tracks.


    After  lengthy  investigation  with  the  QMS  customer support it
    became apparent, that this it not  a bug but a feature.   In order
    to make root password protected  one has to buy a  "security key",
    which is a little DB-9 plug  (sort of a dongle), which is  plugged
    in the matching  connector at the  rear of the  printer.  One  can
    then  establish  a  root  password.   BTW  the  DB-9  dongle costs
    CDN$177.10!  No comment.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH