[ISN] Mystery of crashing HP printers solved

From: InfoSec News (isnat_private)
Date: Wed Aug 15 2001 - 00:48:32 PDT

  • Next message: InfoSec News: "[ISN] CRYPTO-GRAM, August 15, 2001"

    By John Leyden
    Posted: 14/08/2001 
    A DoS vulnerability with the installation and management software used
    on HP's line of commercial print servers has been reported.
    The potential flaw, which HP has not so far publically acknowledged,
    is interesting not because it is particularly devasatating (it isn't)
    but because it may explain problems our readers are having with
    printers of late.
    According to a posting on security mailing list BugTraq, HP JetDirect
    devices configured using the JetAdmin web interface fail to set a
    password for Telnet access when the administrator password is chosen.
    Because of this the Telnet port of a printer will be left exposed to
    unrestricted remote access. This means (at least in theory) that
    hackers could create a denial of service. The potential also exists to
    monitor printer activity, and this might be used to gather information
    to use in subsequent attacks on systems, according to the posting.
    Hewlett-Packard hasn't issued a response to the report, so we can't be
    certain there's a genuine problem. That said we give a lot of credence
    to the alert because it goes a long way to explain a number of emails
    we've had of late complaining of unexplained crashes on HP printers.
    Many users have attributed this to the side effects of scanning from
    the Code Red worm but security testing experts at NTA Monitor told us
    the Telnet vulnerability was a more likely cause.
    Security experts advise that the easiest way to guard against the
    possible Telnet vulnerability is to manually set a password for access
    through Telnet on the device. Looking at blocking off access to Telnet
    ports on devices through setting up an appropriate rule on a firewall
    wouldn't go amiss either.
    During the DefCon conference last month a denial of service attack
    that exploited an FTP access vulnerability on HP JetDirect devices was
    According to an email sent to the Register, HP support staff were told
    to advise users to guard against the problem by either disabling FTP
    access to the JetDirect card or change the default gateway on
    JetDirect to an internal address.
    Support staff were told not to discuss the problem with users as this
    could "cause unnecessary fear for their security, and general lack of
    faith in the product".
    We will leave you to decide if HP is taking the same stance with the
    reported Telnet password vulnerability.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 07:04:54 PDT