Details have emerged of a high-severity security vulnerability affecting a software driver used in HP, Xerox and Samsung printers that has gone undetected since 2005.
Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue is a buffer overflow in a print driver installation package named “SSPORT.SYS” which can enable remote privilege escalation and the execution of arbitrary code. Hundreds of millions of printers have been released around the world to date with the vulnerable driver in question.
However, there is no evidence that the flaw has been abused in real-world attacks.
“A potential buffer overflow in the software drivers of certain HP LaserJet products and Samsung product printers could lead to privilege escalation,” according to a notice published in May.
Specifically, the problem is that the printer driver does not sanitize the size of user input, potentially allowing an unprivileged user to elevate their privileges and execute malicious kernel-mode code on systems where the buggy driver is installed.
“The vulnerable function inside the driver accepts data sent from user mode via IOCTL (Input/Output Control) without validating the size parameter,” Asaf Amir, a SentinelOne researcher, said in a report shared with The Hacker News. “This function copies a string from user input using ‘strncpy’ with a user-controlled size parameter. Essentially, it allows attackers to override the buffer used by the driver.”
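The bug class described in the quote above, shown as an added example that is not taken from the article, SentinelOne's report or the SSPORT.SYS driver: a user-mode C model of an IOCTL handler that checks the caller-supplied length before copying. The request layout, all names and the 64-byte buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DEVICE_NAME_MAX 64          /* hypothetical fixed-size driver buffer */

enum status { ST_OK = 0, ST_BUFFER_TOO_SMALL, ST_INVALID_PARAMETER };

/* Hypothetical request layout: a length field followed by the string bytes. */
struct ioctl_request {
    uint32_t name_len;              /* caller-controlled, must not be trusted */
    char     name[];                /* name_len bytes, not NUL-terminated */
};

struct device_state {
    char name[DEVICE_NAME_MAX];
};

/* The pattern described in the report, shown for contrast only:
 *     strncpy(dev->name, req->name, req->name_len);
 * The bound is the caller's number, not sizeof(dev->name), so the copy
 * runs past the destination whenever name_len exceeds it. */

/* Hardened handler: every length is checked against a size the driver owns.
 * in_len models the input buffer length reported for the request. */
enum status handle_set_name(struct device_state *dev,
                            const void *in_buf, size_t in_len)
{
    const struct ioctl_request *req = in_buf;

    if (in_buf == NULL || in_len < sizeof(*req))
        return ST_BUFFER_TOO_SMALL;         /* header itself is incomplete */

    size_t payload = in_len - sizeof(*req); /* bytes actually supplied */
    if (req->name_len > payload)
        return ST_INVALID_PARAMETER;        /* claims more data than was sent */
    if (req->name_len >= sizeof(dev->name))
        return ST_INVALID_PARAMETER;        /* would not fit with terminator */

    memcpy(dev->name, req->name, req->name_len);
    dev->name[req->name_len] = '\0';        /* strncpy would not guarantee this */
    return ST_OK;
}
```

The two rejected cases are distinct: a length field larger than the data actually sent, and a length that is honest but larger than the destination buffer.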
Interestingly, it looks like HP copied the functionality of the driver from an almost identical Windows driver sample published by Microsoft, although the sample project itself does not contain the vulnerability.
This is not the first time that security vulnerabilities have been discovered in old software drivers. Earlier in May, SentinelOne revealed details of several critical privilege escalation vulnerabilities in Dell’s firmware update driver named “dbutil_2_3.sys” that had remained undisclosed for over 12 years.