Bugtraq mailing list archives
Re: buffer overflow in HP JetDirect module (probably affects all HP printers with network support)
From: cazz () RUFF CS JMU EDU (Brian)
Date: Fri, 19 Nov 1999 20:21:20 -0500
Obviously it's a M680x0 CPU with 512 KB of RAM in our model, so writing an exploit should be fairly easy. The nice point about it is that most people wouldn't expect their printer to be compromised -- and since there is no logging on the printer, you can't easily be tracked down...
HP JetDirects can have the web server turned off (a good idea) and use remote syslog to log all connections to the printer. The HP print server control software automaticly turns the web configuration back on, so I wouldn't use that, I would physicly go up to the printer and disable all services you don't need. If only one could add in ip allow ranges, then I would be happy. -cazz <!-- attachment="bin0a29070" --> <HR> <UL> <LI>application/pgp-signature attachment: stored </UL>
Current thread:
- Re: Windows NT update carries bug, (continued)
- Re: Windows NT update carries bug Fabian Kroenner (Nov 16)
- [Fwd: Printer Vulnerability: Tektronix PhaserLink Webserver gives Administrator Password] Dennis W. Mattison (Nov 16)
- Jet Vulnerability affect Office 95 users (fwd) ah1 () SECURITYFOCUS COM (Nov 17)
- Re: [Fwd: Printer Vulnerability: Tektronix PhaserLink Webserver gives Administrator Password] Ronan Waide (Nov 17)
- Re: Tektronix PhaserLink Webserver Reveals Admin Password Blake Frantz (Nov 17)
- Remote DoS attack against Microsoft SQL Server 7.0 Kevork Belian (Nov 17)
- Re: Tektronix PhaserLink Webserver Reveals Admin Password elfchief () LUPINE ORG (Nov 18)
- Potential vulnerability in Oracle Mary Ann Davidson (Nov 18)
- Re: [Fwd: Printer Vulnerability: Tektronix PhaserLink Webservergives Administrator Password] Dennis W. Mattison (Nov 18)
- buffer overflow in HP JetDirect module (probably affects all HP printers with network support) Tobias Haustein (Nov 19)
- Re: buffer overflow in HP JetDirect module (probably affects all HP printers with network support) Brian (Nov 19)
- Re: buffer overflow in HP JetDirect module (probably affects all HP printers with network support) Pat Hayden (Nov 20)
- Remote DoS Attack in Vermillion FTP Daemon (VFTPD) v1.23 Vulnerability Ussr Labs (Nov 22)