[Printing-architecture] Fwd: raw socket Linux kernel panic
Ira McDonald
blueroofmusic at gmail.com
Wed Jun 19 17:12:04 UTC 2019
Hi,
Here's the SANS Institute info on this Linux kernel bug:
https://isc.sans.edu/forums/diary/What+You+Need+To+Know+About+TCP+SACK+Panic/25046/
Note that a print server that is forwarding from end print clients to
downstream printers could be open to this kernel panic bug, if it
supports Port 9100 printing.
Cheers,
- Ira
Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Co-Chair - TCG Metadata Access Protocol SG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic at gmail.com
PO Box 221 Grand Marais, MI 49839 906-494-2434
On Wed, Jun 19, 2019 at 11:10 AM Till Kamppeter <till.kamppeter at gmail.com>
wrote:
> Only the printers open port 9100 to receive jobs, a computer does never
> open this port for printer sharing. So is this secyrity issue about
> breaking into the printer then?
>
> Till
>
>
> On 19/06/2019 16:56, Ira McDonald wrote:
> > Hi,
> >
> > Of course, we don't encourage people to use Port 9100 (for example)
> > for printing, but this raw socket kernel panic looks like a serious
> issue.
> >
> > Cheers,
> > - Ira
> >
> >
> > ---------- Forwarded message ---------
> > From: *Dave New* <dave.new at fcagroup.com <mailto:dave.new at fcagroup.com>>
> > Date: Wed, Jun 19, 2019 at 10:46 AM
> > Subject: raw socket Linux kernel panic
> > To: Ira McDonald <blueroofmusic at gmail.com <mailto:
> blueroofmusic at gmail.com>>
> >
> >
> > Ira,
> >
> > Heard on the security now podcast this morning, there is a raw socket
> > Linux kernel panic that goes back about ten years. I noticed that you
> > are involved with the printing stuff, and I recall that includes raw
> > sockets, which might be likely exposed to the Internet (purposefully or
> > accidentally).
> >
> > What I understand is that the issue is in the kernel TCP stack, so there
> > may be little that can be done from the printer driver level, except
> > maybe close off the raw socket access until the kernels can be patched.
> >
> > Steve Gibson expects that by next week, an attack in the wild against
> > unpatched kernels will be featured front-and-center for his podcast.
> >
> > Thanks,
> >
> > -- DaveN
> >
> >
> > Dave New
> >
> > Advanced Senior Engineer
> >
> > E/E Wireless & Security
> >
> >
> > FCA US LLC
> >
> > CIMS 484-10-01
> >
> > 800 Chrysler Dr, Auburn Hills, MI USA 48326-2757
> >
> > USA
> >
> >
> > Telephone: +1 (248) 576 1591
> >
> > Mobile: +1 (248) 705 8701
> >
> > FAX: +1 (248) 576 8398
> >
> > Email:dave.new at fcagroup.com <mailto:dave.new at fcagroup.com>
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/printing-architecture/attachments/20190619/9a5bd195/attachment-0001.html>
More information about the Printing-architecture
mailing list