HP has finally addressed the two big bugs that allow anyone to crash a network connected printer. The first bug is their succeptability to the nestea2 and other TCP/IP exploits. This bug is fixed in several releases of firmware for their different cards. A05.08 is for most HP 5 series network printers. This release have been available for some time but they yet to release it to their web site. You must contact their support organization and ask for it specifically. The second bug only affects HP 5m and some 5si's with older formatter firmware. This bug is due to a communication error between the printer and the network interface. Using a simple multivarible SNMP getnext command, you can crash the network interface causing the printer to drop off the network. HP has provided the a beta firmware release A05.09 that addresses this issue. If you want to get this bugfix please contact HP customer care, indicate that you are getting a 79 SE problem with a 5M and ask for the BETA A.05.09 release which cisco has. Once they are comfortable that this firmware has been tested widly without incident they will release it. In my opinion both these firmware releases should be considered manditory anywhere where printer's are exposed to untrusted network traffic. I would strongly advise any institution that does not have their printers firewalled off (and most that do) to apply this patched firmware to eliminate the possibility of a widespread DOS attack. -ben
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:15 PDT