Details have emerged of a high-severity security vulnerability affecting a software driver used in HP, Xerox and Samsung printers that went undetected since 2005.
Tracked as CVE-2021-3438 (CVSS score: 8.8), the problem is a buffer overflow in a print driver installation package named “SSPORT.SYS” that can enable privilege escalation and the execution of arbitrary code. Hundreds of millions of printers with the vulnerable driver have been shipped around the world to date.
However, there is no evidence that the flaw has been exploited in real-world attacks.
“A potential buffer overflow in the software drivers of certain HP LaserJet products and Samsung product printers could lead to privilege escalation,” according to a notice published in May.
The issue was reported to HP by SentinelLabs threat intelligence researchers on February 18, 2021, and fixes were released for the affected printers on May 19, 2021.
Specifically, the problem is that the printer driver does not validate the size of user input, potentially allowing an unprivileged user to elevate their privileges and execute malicious code in kernel mode on systems where the buggy driver is installed.
“The vulnerable function inside the driver accepts data sent from user mode through IOCTL (input / output control) without validating the size parameter,” SentinelOne researcher Asaf Amir said in a report shared with The Hacker News. “This function copies a string from user input using ‘strncpy’ with a user-controlled size parameter. Essentially, this allows attackers to override the buffer used by the driver.”
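To make the bug class concrete, here is an added user-mode illustration (not code from the driver, SentinelLabs or HP) of the pattern the report describes: a copy whose `strncpy` bound is taken from the request instead of the destination, next to a hardened handler that validates the untrusted size first. The struct, buffer size and sample inputs are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a fixed-size buffer inside the driver. */
#define NAME_MAX_LEN 32

/* Simulated IOCTL request: data and a length both supplied by the caller,
 * mirroring the user-controlled size parameter the article describes. */
struct ioctl_request {
    const char *data;
    size_t      size;   /* untrusted: chosen by the caller */
};

/* Vulnerable pattern: strncpy's bound comes from the request rather than
 * from the destination, so a size above NAME_MAX_LEN writes past dst. */
static int handle_request_vulnerable(const struct ioctl_request *req) {
    char dst[NAME_MAX_LEN];
    strncpy(dst, req->data, req->size);   /* bound is caller-controlled */
    return 0;
}

/* Hardened pattern: reject any size the destination cannot hold, then copy
 * with a bound derived from the destination and NUL-terminate in bounds. */
static int handle_request_hardened(const struct ioctl_request *req,
                                   char *out, size_t out_cap) {
    if (req->data == NULL || req->size == 0 || req->size >= out_cap)
        return -1;                          /* oversized request rejected */
    strncpy(out, req->data, req->size);
    out[req->size] = '\0';
    return 0;
}

int check_request(const char *data, size_t size) {
    char out[NAME_MAX_LEN];
    struct ioctl_request req = { data, size };
    return handle_request_hardened(&req, out, sizeof out);
}

int oversized_request_rejected(void) {
    char big[64];
    memset(big, 'A', sizeof big);          /* constructed oversized input */
    return check_request(big, sizeof big) == -1;
}

int main(void) {
    struct ioctl_request ok = { "LPT1", 4 };
    handle_request_vulnerable(&ok);   /* in-bounds size: no overrun here */
    printf("small ok=%d, oversized rejected=%d\n",
           check_request("LPT1", 4) == 0, oversized_request_rejected());
    return 0;
}
```

The vulnerable handler is only ever called with an in-bounds size here; the point is that nothing in it prevents a larger one.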
Interestingly, it appears that HP copied the driver functionality from an almost identical Windows driver sample released by Microsoft, although the sample project itself does not contain the vulnerability.
This is not the first time that security vulnerabilities have been discovered in old software drivers. Earlier in May, SentinelOne revealed details of several critical privilege escalation vulnerabilities in Dell’s firmware update driver named “dbutil_2_3.sys” that had gone undisclosed for over 12 years.