Details have emerged about a high-severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005.
Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named “SSPORT.SYS” that can enable remote privilege and arbitrary code execution. Hundreds of millions of printers have been released worldwide to date with the vulnerable driver in question.
However, there is no evidence that the flaw was abused in real-world attacks.
“A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege,” according to an advisory published in May.
Specifically, the issue hinges on the fact that the printer driver doesn’t sanitize the size of the user input, potentially allowing an unprivileged user to escalate privileges and run malicious code in kernel mode on systems that have the buggy driver installed.
“The vulnerable function inside the driver accepts data sent from User Mode via IOCTL (Input/Output Control) without validating the size parameter,” SentinelOne researcher Asaf Amir said in a report shared with The Hacker News. “This function copies a string from the user input using ‘strncpy’ with a size parameter that’s controlled by the user. Essentially, this allows attackers to overrun the buffer used by the driver.”
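The bug class described in the report, shown as an added user-mode sketch that is not code from SSPORT.SYS or from the SentinelOne report: a handler that trusts a caller-supplied length, next to a form that validates it first. The structure layout, function names, and buffer sizes are all hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN 32   /* constructed size, not taken from SSPORT.SYS */

/* Hypothetical request layout: caller-chosen length followed by the string. */
struct ioctl_req { size_t len; char data[256]; };
struct dev_ctx   { char name[NAME_MAX_LEN]; };

/* Unchecked pattern: the third argument to strncpy comes straight from the
 * request, so the destination size never limits the copy. Any len larger
 * than sizeof(ctx->name) writes past the end of the buffer. */
int handle_ioctl_unchecked(struct dev_ctx *ctx, const struct ioctl_req *req)
{
    strncpy(ctx->name, req->data, req->len);
    return 0;
}

/* Checked form: the length is bounded by both the bytes the caller actually
 * supplied (in_len) and the destination buffer before anything is copied. */
int handle_ioctl_checked(struct dev_ctx *ctx, const void *in, size_t in_len)
{
    const struct ioctl_req *req = in;
    size_t hdr = offsetof(struct ioctl_req, data);
    size_t len;

    if (in_len < hdr)
        return -1;                     /* request too short to hold len */
    len = req->len;                    /* read once, then use the local copy */
    if (len > in_len - hdr)
        return -1;                     /* claims more data than was sent */
    if (len >= sizeof(ctx->name))
        return -1;                     /* no room for string plus NUL */
    memcpy(ctx->name, req->data, len);
    ctx->name[len] = '\0';             /* strncpy would not guarantee this */
    return 0;
}
```

Rejecting an oversized request, rather than silently truncating it, leaves the device context unchanged on bad input.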
Interestingly, it appears that HP copied the driver’s functionality from a near-identical Windows driver sample published by Microsoft, although the sample project in itself doesn’t contain the vulnerability.
This is not the first time security flaws have been discovered in old software drivers. Earlier this May, SentinelOne revealed details about multiple critical privilege escalation vulnerabilities in Dell’s firmware update driver named “dbutil_2_3.sys” that went undisclosed for more than 12 years.