RE: IBM Infoprint Remote Management Simple DoS (update)

["Toni Lassila" <toni.lassila () mc-europe com>]

UPDATE:

It appears this vulnerability has been rectified in later versions
of the printer controller software. As it stands, printers installed
with the controller software above a certain version are NOT
vulnerable, and it appears the latest Infoprint series printers are
indeed not vulnerable. Thanks to Fredrik Björk
<Fredrik.Bjork.List () varbergenergi se> and Onyx Thanes <wewe () personal ro>
for information relating to non-vulnerable versions:


Confirmed vulnerable:

IBM Infoprint 21 - Controller Code Level: 1.047012


Confirmed NOT vulnerable:

IBM Infoprint 21 - Controller Code Level: 1.056007
Any newer Infoprint models


As to when IBM started releasing the printers with the non-vulnerable
software installed, well, you'd have to ask IBM for that.


> -----Original Message-----
> From: Toni Lassila 
> Sent: Friday, October 25, 2002 12:19
> To: bugtraq () securityfocus com
> Subject: IBM Infoprint Remote Management Simple DoS 
>
>
> Overview
> ========
> IBM makes a series of TCP/IP enabled printers that come with remote
> management features:
>
> <http://www.printers.ibm.com/R5PSC.NSF/Web/wglaserselect>
>
> One of these features is a Telnet-based remote management 
> service, which has a DoS vulnerability. The vulnerability
> discussed here was tested on an IBM Infoprint 21 (older
> model), but is probably present in other printers
> of the same product line.