Another way to crash HP printers

From: bwoodardat_private
Date: Wed Jan 06 1999 - 14:59:21 PST


    A few months ago, I reported that you could crash HP 5m printers by doing a
    multivariable SNMP query on the interpreters table.
    
    I have since found a similar problem that applies to all HP 5 series
    printers whose firmware datecode is less than 19960829.
    
    The easiest way to figure out if your printer is affected is to use a
    snmptool such as those from UC Davis
    (http://www.ece.ucdavis.edu/ucd-snmp/) and try the command:
    
    snmpget printername public 43.15.1.1.4.1.1
    
    The easiest way to manifest the bug is to use a program like npadmin
    (http://www.penguincomputing.com/prtools/npadmin.html) and try to
    examine a large table like the interpreters or channels table:
    
    npadmin --languages printername
    
    or
    
    npadmin --protocol printername
    
    The bug leaves the printer in different conditions depending on the
    JetDirect firmware revision, the model of the printer, and possibly
    the state of the printer at the time of the attack. In many cases it
    leaves the printer with a 79(12BF) or 79(9208) error but still
    pingable. In this state it may even accept one print job but not print
    it. In other cases, the error message in the display is missing. In a
    few cases the printer is left unpingable.
    
    The problem seems to be independent of the JetDirect hardware and
    firmware revision and so doing a flash upgrade will not solve the
    problem. The problem seems to be due to a bug in the printer firmware,
    often times called the formatter, which crashes when certain
    multivariable SNMP queries are executed. Upgrading the formatter
    software involves replacing some hardware within the printer and so
    this can not be trivially done.
    
    I reported this bug to HP a couple of days ago, and they believe that
    it is the same bug that causes all HP 5m's to crash on certain
    multivariable queries. They are in the process of preparing a
    JetDirect flash upgrade that works around the bug in the formatter.
    
    -ben
    


