Details have surfaced about a high-severity security vulnerability affecting software drivers used in HP, Xerox, and Samsung printers that has remained undetected since 2005.
Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named "SSPORT.SYS" which could enable remote privilege escalation and arbitrary code execution. Billions of printers have been released worldwide to date with the vulnerable driver in question.
However, there is no evidence that the flaw has been abused in real-world attacks.
"A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege," according to an advisory posted in May.
The issue was reported to HP by threat intelligence researchers from SentinelLabs on February 16, 2021, following which patches were published for the affected printers as of May 20, 2021.
Specifically, the issue stems from the fact that the printer driver doesn't sanitize the size of user input, potentially allowing an unprivileged user to escalate privileges and run malicious code in kernel mode on systems that have the buggy driver installed.
"The vulnerable function inside the driver accepts data sent from User Mode via IOCTL (Input/Output Control) without validating the size parameter," SentinelOne researcher Asaf Amir said in a report shared with The Hacker News. "This function copies a string from the user input using 'strncpy' with a size parameter that is controlled by the user. Essentially, this allows attackers to overrun the buffer used by the driver."
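The defect described above is a copy whose length comes from the caller rather than from the destination. The following added example (not HP's or SentinelOne's code; the request layout, the 64-byte destination and the handler name are constructed for illustration) shows an IOCTL-style handler that validates the caller-supplied size against both the bytes actually received and the capacity of the fixed-size destination before copying:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Capacity of the fixed buffer the handler copies into (constructed value). */
#define DEVICE_NAME_MAX 64

/* Constructed shape of a request handed to the handler from user mode;
   the real SSPORT.SYS layout is not described on this page. */
struct ioctl_request {
    uint32_t size;        /* caller-supplied, therefore untrusted */
    char     data[256];   /* caller-supplied bytes */
};

enum ioctl_status { IOCTL_OK = 0, IOCTL_INVALID_SIZE = 1, IOCTL_BAD_LENGTH = 2 };

/* Hardened handler: the copy length is checked against what was actually
   received and against the destination size before any byte is copied. */
enum ioctl_status handle_ioctl(const struct ioctl_request *req, size_t input_len,
                               char out[DEVICE_NAME_MAX])
{
    /* The header must be fully present before req->size is read at all. */
    if (input_len < offsetof(struct ioctl_request, data))
        return IOCTL_BAD_LENGTH;
    /* size must not claim more payload bytes than the caller supplied. */
    if (req->size > input_len - offsetof(struct ioctl_request, data))
        return IOCTL_BAD_LENGTH;
    /* size must leave room for the terminator in the fixed destination;
       this is the bound a user-controlled strncpy count bypasses. */
    if (req->size >= DEVICE_NAME_MAX)
        return IOCTL_INVALID_SIZE;
    memcpy(out, req->data, req->size);
    out[req->size] = '\0';
    return IOCTL_OK;
}

/* Packs a constructed payload into a request and submits it, so the handler
   can be exercised without hand-building the struct. */
enum ioctl_status submit(uint32_t claimed_size, size_t input_len,
                         const char *payload, char out[DEVICE_NAME_MAX])
{
    struct ioctl_request req;
    memset(&req, 0, sizeof req);
    req.size = claimed_size;
    strncpy(req.data, payload, sizeof req.data - 1);
    return handle_ioctl(&req, input_len, out);
}
```

The two rejection paths matter separately: a size larger than the received buffer reads past the request, and a size larger than the destination writes past it.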
Interestingly, it appears that HP copied the driver's functionality from a near-identical Windows driver sample published by Microsoft, although the sample project itself doesn't contain the vulnerability.
This is not the first time security flaws have been discovered in old software drivers. Earlier this May, SentinelOne disclosed details about multiple critical privilege escalation vulnerabilities in Dell's firmware update driver named "dbutil_2_3.sys" that went undisclosed for more than 12 years.