April 5, 2006 5:13 PM PDT

HP warns of printer software risks

A security flaw in software that ships with two of Hewlett-Packard Color LaserJet printers could open a door for cybersnoops, HP has warned.

The vulnerability lies in the Toolbox software that comes with HP's Color LaserJet 2500 and 4600 printers, the company said. The flaw could allow a remote, unauthorized malicious user to retrieve arbitrary files from a Windows computer when the software is running in the default configuration, HP said in a security alert published Sunday.

The Toolbox is software that installs on a PC along with the drivers. It uses a simple Web browser interface for access to printer status information, troubleshooting tips and demos, and an alerts feature.

HP has made HP Color LaserJet 2500/4600 Software Update version 3.1 available to resolve the security issue, it said. Security monitoring company Secunia rates the issue "less critical." The flaw is caused by an input validation error in the Web server that's part of the software, according to a Secunia alert, published Wednesday.

Discovery of the flaw is credited by HP and Secunia to Richard Horsman of Sec-1.com.

See more CNET content tagged:
flaw, printer, HP, security, Microsoft Corp.

6 comments

Join the conversation!
Add your comment
The Key Words Used In This Article...
....are WEB SERVER. Doe's anybody know what a WEB SERVER does.
Well a SERVER is meant to SERVE files to someone or something. In
the case of HP there use of a WEB SERVER allows them to create a
WEB INTERFACE for there printers. Thats all fine and dandy but HP,
you should warn your clients of the security risks of running ANY
SERVER on a local machine. Oh, wait, you found ONE flaw, there's
many more, I know this for a fact!

~Justing
Posted by OneWithTech (196 comments )
Reply Link Flag
The Key Words Used In This Article...
....are WEB SERVER. Doe's anybody know what a WEB SERVER does.
Well a SERVER is meant to SERVE files to someone or something. In
the case of HP there use of a WEB SERVER allows them to create a
WEB INTERFACE for there printers. Thats all fine and dandy but HP,
you should warn your clients of the security risks of running ANY
SERVER on a local machine. Oh, wait, you found ONE flaw, there's
many more, I know this for a fact!

~Justing
Posted by OneWithTech (196 comments )
Reply Link Flag
HP Printers suffer software bloat
Why is this security hole not surprising? Has anyone noticed the unpleasant software bloat that HP printers seem to have acquired? If you install any of their latest Inkjets, you wind up with somewhere between 300 and 600 MB of software on your PC, and that's in addition to the silly web serve on the printer. What is HP thinking? I'm sure some people would find the software useful (if it was relatively bug free, which it actually isn't) but the risk from a security point of view is large just based on the number of lines of code and the fact that HP's applications are definitely network enabled.

Bring back a simple set of printer drivers please!
Posted by whizz (7 comments )
Reply Link Flag
HP Printers suffer software bloat
Why is this security hole not surprising? Has anyone noticed the unpleasant software bloat that HP printers seem to have acquired? If you install any of their latest Inkjets, you wind up with somewhere between 300 and 600 MB of software on your PC, and that's in addition to the silly web serve on the printer. What is HP thinking? I'm sure some people would find the software useful (if it was relatively bug free, which it actually isn't) but the risk from a security point of view is large just based on the number of lines of code and the fact that HP's applications are definitely network enabled.

Bring back a simple set of printer drivers please!
Posted by whizz (7 comments )
Reply Link Flag
HP doesn't respect principles of software design
I love my HP officejet 5510 but when I bought it as a standalone the software that came with it caused endless antivirus alerts and booting problems for my winxp home os on a non-HP pc. Who do these guys think they are to thrust themselves onto the desktop this way? Do they not care what compatibility issues do on the user end? When I bought an HP pc and migrated the printer to it those issues quieted down, but the whole "HP resource center" thing they put on their pc still irritates the antivirus and anti-adware systems; and they insanely made a limited-trial version of buggy Roxio software a key dedicated component of their Windows os package. Whoever runs their software division needs to be taken out to the woodshed...
Posted by Razzl (1318 comments )
Reply Link Flag
HP doesn't respect principles of software design
I love my HP officejet 5510 but when I bought it as a standalone the software that came with it caused endless antivirus alerts and booting problems for my winxp home os on a non-HP pc. Who do these guys think they are to thrust themselves onto the desktop this way? Do they not care what compatibility issues do on the user end? When I bought an HP pc and migrated the printer to it those issues quieted down, but the whole "HP resource center" thing they put on their pc still irritates the antivirus and anti-adware systems; and they insanely made a limited-trial version of buggy Roxio software a key dedicated component of their Windows os package. Whoever runs their software division needs to be taken out to the woodshed...
Posted by Razzl (1318 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.