buffer overflow in HP JetDirect module (probably affects all HP

From: Tobias Haustein (hausteinat_private-AACHEN.DE)
Date: Fri Nov 19 1999 - 01:57:00 PST


    Hi folks!
    
    I just played with our network printer (an HP LaserJet 4500) and --
    boom -- it crashed ;-)
    
    The HP JetDirect J3111A module with firmware G.05.35 suffers from a
    buffer overflow in its internal web server. If you enter the
    following URL in your web browser
    
    http://my-printer's-ip/very-long-rubbish(256 bytes or so)
    
    the printer prints a diagnostics page showing the contents of all
    registers and the following 64 bytes of all memory addresses that
    address registers point to.
    
    Obviously it's a M680x0 CPU with 512 KB of RAM in our model, so
    writing an exploit should be fairly easy. The nice point about it is
    that most people wouldn't expect their printer to be compromised --
    and since there is no logging on the printer, you can't easily be
    tracked down...
    
    Ciao,
    
    Tobias
    
    PS: I searched the web page of HP for any e-mail-address that could be
        used to inform them about bugs, but I did not find any e-mail-address
        at all. The web site seems to be one-way...
    
    -- 
    Dipl. Inform. Tobias Haustein
    
    Department of Computer Science IV, Aachen University of Technology
    Ahornstr. 55, D-52056 Aachen
    Phone +49 (241) 80-21417, Fax +49 (241) 8888-220
    E-Mail hausteinat_private-aachen.de
    Web http://www-i4.informatik.rwth-aachen.de/~haustein/
    
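A defensive counterpart to the overflow reported above, added here as an illustration and not taken from the post or from HP firmware: a C request-line parser that measures the URL path before copying it into a fixed buffer and answers 414 when it does not fit. The function name `parse_request_path`, the 256-byte buffer size (taken from the post's "256 bytes or so") and the sample requests are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PATH_MAX_LEN 256   /* assumed buffer size, from "256 bytes or so" in the post */

/* Hypothetical handler-side parser: copies the request target of
 * "GET <path> HTTP/1.x" into out and returns an HTTP status code.
 * The unsafe pattern this replaces is an unbounded copy such as
 *     char path[PATH_MAX_LEN]; strcpy(path, target);
 * which writes past path[] as soon as the target exceeds the buffer. */
int parse_request_path(const char *line, char *out, size_t outsz)
{
    if (line == NULL || out == NULL || outsz == 0)
        return 500;
    out[0] = '\0';

    if (strncmp(line, "GET ", 4) != 0)
        return 400;                      /* this example handles GET only */
    const char *start = line + 4;
    if (*start != '/')
        return 400;

    /* Measure the target first: it ends at a space, CR, LF or end of input. */
    size_t len = strcspn(start, " \r\n");

    /* Reject instead of truncating, so a later handler never sees a
     * silently shortened path. Leave room for the terminating NUL. */
    if (len >= outsz)
        return 414;                      /* URI Too Long */

    memcpy(out, start, len);
    out[len] = '\0';
    return 200;
}

int main(void)
{
    char path[PATH_MAX_LEN];
    char line[1024] = "GET /";           /* constructed sample request */
    memset(line + 5, 'A', 600);          /* 600-byte filler target */
    strcpy(line + 605, " HTTP/1.0\r\n");

    printf("%d\n", parse_request_path("GET /index.html HTTP/1.0\r\n", path, sizeof path));
    printf("%d\n", parse_request_path(line, path, sizeof path));
    return 0;
}
```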
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:26 PDT