Printer Vulnerabilities (Tektronix and JetDirect)

From: Elias Levy (aleph1at_private)
Date: Tue Nov 23 1999 - 09:23:57 PST

Next message: Solar Eclipse: "Re: WordPad/riched20.dll buffer overflow"

Previous message: Alec Muffett: "ANN: Bruce v1.0 Early Access 1 - Available for downloa"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am summarizing a number of replies to the printer vulnerability
threads.

Tektronix:

Vulnerable:

Phaser 360 - Wyman Eric Miles <wymanmat_private>
Phaser 840 - HC Security <securitat_private>
Phaser 780 - "Tim Adams" <TAdamsat_private>

Not Vulnerable:

Phaser 360 - HC Security <securitat_private>


HP JetDirect overflow:

Not Vulnerable:

Firmware Revision G.07.17 - Jens Hektor <hektorat_private-aachen.de>

Vulnerable:

JetDirect 300x print server J3263A firmware H.06.00 - olivier Schott <ostat_private>

To disable port 80 use the command:

ews-config: 0

>From David Foster <fosterat_private>:

If you are using bootp/tftp to configure your printers, you can specify an      allowed IP range in /tftpboot/<printer-name>.cfg, like:

        xxx.yyy.zzz.0  255.255.255.0


--
Elias Levy
Security Focus
http://www.securityfocus.com/

Next message: Solar Eclipse: "Re: WordPad/riched20.dll buffer overflow"
Previous message: Alec Muffett: "ANN: Bruce v1.0 Early Access 1 - Available for downloa"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:50 PDT