Re: JetDirect Card Attack

From: Brian Eckman (ECKMA009at_private)
Date: Mon Jul 23 2001 - 09:52:06 PDT

  • Next message: Tim Brown: "Peak Activity of Red Worm?"

    Bugtraq ID 814 (Nov 18, 1999) discusses a buffer overflow in the HP JetDirect Internal Webserver. Any firmware version prior to 7.xx would crash when accessed via 
    http: //printer IP address/256 character string here
    
    Is this the issue here? My 60+ HP Printers all with JetDirect cards at firmware 8.32 didn't seem to be affected by the worm. I know a more recent advisory discussed buffer overflows in versions as new as 8.20, but the Web server was not listed as vulnerable. The original firmware in my 4000TN was 5.34, which was definitely vulnerable to the Web buffer overflow, as it was the first printer that I tested at the time.
    
    Perhaps someone who had this problem with the worm can verify their firmware version? 
    
    Brian
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 12:02:36 PDT