Re: JetDirect password disclosure

From: Javier Fernandez-Sanguino (jfernandezat_private)
Date: Tue Mar 04 2003 - 09:25:44 PST

Next message: Renaud Deraison: "Re: JetDirect password disclosure"

Previous message: Renaud Deraison: "JetDirect password disclosure"
In reply to: Renaud Deraison: "JetDirect password disclosure"
Next in thread: Renaud Deraison: "Re: JetDirect password disclosure"
Reply: Renaud Deraison: "Re: JetDirect password disclosure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Renaud Deraison wrote:
> Could anyone test this plugin on a password protected JetDirect, and
> confirm that it indeed works ? (I could only test it on a non-password
> protected HP jetdirect which has a crashed telnet server :)
> 


Doesn't work for me. I'm testing against an HP JetDirect printer that 
_does_ answer when doing
  snmpget -v 1 -c internal XXXXX .1.3.6.1.4.1.11.2.3.9.1.1.13.0

After tracing the code the culprit seems to be this one:
if(ord(r[17+strlen(community)]))exit(0);

Note that the result I get if I uncomment this line is gibberish, 
whileas snmpget returns:
enterprises.11.2.3.9.1.1.13.0 =  Hex: 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00
(15 x 16 '00's)

	Regards

Javi

Next message: Renaud Deraison: "Re: JetDirect password disclosure"
Previous message: Renaud Deraison: "JetDirect password disclosure"
In reply to: Renaud Deraison: "JetDirect password disclosure"
Next in thread: Renaud Deraison: "Re: JetDirect password disclosure"
Reply: Renaud Deraison: "Re: JetDirect password disclosure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Mar 04 2003 - 09:28:23 PST