Another way to crash HP 5M/5N printers

From: bwoodardat_private
Date: Sat Sep 05 1998 - 18:47:29 PDT


    In addition to using nestea2 to crash any HP printer, I seem to have
    found a way to crash certain HP printers with a single perfectly
    legitimate SNMP packet.
    
    The potential impact of this problem is that within a couple of
    seconds, someone could crash all the HP 5M and 5N printers within a
    whole network. Since the attack involves just one packet per network
    connected printer, it would be very difficult to trace where the
    attack came from. The danger is not that a person could crash one
    printer but rather that a person could severely impact printing in a
    fairly wide area.
    
    Ambrose Li reported to me that every time that he ran my program
    "npadmin --languages" (ftp://pasta.penguincomputing.com/pub/prtools)
    against a 5N printer it crashed the mio card with a 79 error. A 79
    error is almost a catch all error message. There are so many things
    that it can mean, that its meaning is very indistinct. I have
    also been able to reproduce this with 5M printers. (The 4 series
    printers as well as the HP color LaserJets don't have the objects that
    seem to cause the problem and the 5si printers don't seem to be
    affected.) I reported the problem to HP; they gave me case number
    1420924269.
    
    In keeping with corporate policy, HP is very tight lipped about the
    problem and have said nothing since I reported the problem to
    them. They will not say anything until they have a patch available.
    Those that administer print services for an area might want to keep an
    eye out for a new version of firmware from HP.
    
    I am pretty sure that it is not a bug in my program because I can
    reproduce it without using my program by simply doing:
    
    $ snmpgetnext scv-sirloin public 43.15.1.1.2.1.5 43.15.1.1.3.1.5 \
    > 43.15.1.1.4.1.5 43.15.1.1.5.1.5 43.15.1.1.6.1.5 43.15.1.1.7.1.5 \
    > 43.15.1.1.8.1.5 43.15.1.1.9.1.5 43.15.1.1.12.1.5
    
    I also went through hex dumps for both the packet that snmpgetnext
    sends and the packet that I am sending and studied
    them at very great length. They are both VERY different but they
    elicit the same problem and so I do not believe that it is a problem
    with the packet per se but rather a problem with the way that the
    printer deals with the packet. The fact that it does not affect 5si's
    suggests to me that the problem might be in the way that formatter
    software passes the information back to the MIO interface. In that
    case, it might require a hardware upgrade to remedy the problem.
    
    This problem does not seem to be mio firmware version dependent. The
    printer that I did my initial reproduction of the problem on has a
    J2552A MIO card in it running firmware version A.04.09; however, I also
    tried it on printers that run A.04.08 and A.05.05, and they have the
    same problem.
    
    -ben
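
One way to watch for the network-wide sweep described above, as an added example that is not part of the original post: it flags any source that sends SNMP GetNext requests for the Printer MIB interpreter-table columns (43.15.1.1.x under mib-2) to several printers within a few seconds. The record format, function names, addresses and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

MIB2 = "1.3.6.1.2.1."
# Columns of the Printer MIB interpreter table, the objects queried in the post.
PRT_INTERPRETER = MIB2 + "43.15.1.1."

def normalize(oid):
    """Return a full dotted OID; bare OIDs (43.15...) are taken as relative to mib-2."""
    oid = oid.strip().lstrip(".")
    return oid if oid.startswith("1.3.6.1.") else MIB2 + oid

def parse(line):
    """Parse 'epoch src dst pdu oid[,oid...]' (hypothetical sensor record format)."""
    ts, src, dst, pdu, oids = line.split(None, 4)
    return float(ts), src, dst, pdu, [normalize(o) for o in oids.split(",")]

def sweeping_sources(lines, window=5.0, min_printers=3):
    """Map each source that queried interpreter columns on >= min_printers hosts within window seconds."""
    hits = defaultdict(list)  # src -> [(timestamp, dst)]
    for line in lines:
        ts, src, dst, pdu, oids = parse(line)
        if pdu == "GetNextRequest" and any(o.startswith(PRT_INTERPRETER) for o in oids):
            hits[src].append((ts, dst))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= min_printers:
                flagged[src] = sorted(targets)
                break
    return flagged

# Constructed sample records using documentation address ranges.
SAMPLE = [
    "904959000.10 192.0.2.50 198.51.100.11 GetNextRequest 43.15.1.1.2.1.5,43.15.1.1.3.1.5",
    "904959000.40 192.0.2.50 198.51.100.12 GetNextRequest .1.3.6.1.2.1.43.15.1.1.2.1.5",
    "904959000.90 192.0.2.50 198.51.100.13 GetNextRequest 43.15.1.1.12.1.5",
    "904959001.00 192.0.2.7 198.51.100.11 GetNextRequest 43.5.1.1.16.1",
    "904959002.00 192.0.2.8 198.51.100.11 GetNextRequest 43.15.1.1.2.1.5",
    "904959900.00 192.0.2.8 198.51.100.12 GetNextRequest 43.15.1.1.2.1.5",
    "904959950.00 192.0.2.8 198.51.100.13 GetRequest 1.3.6.1.2.1.1.1.0",
]

if __name__ == "__main__":
    print(sweeping_sources(SAMPLE))
```

Because the post notes the trigger is a single packet per printer, the threshold counts distinct destinations rather than packet volume.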
    


