Information Security News mailing list archives

Mystery of crashing HP printers solved


From: InfoSec News <isn () c4i org>
Date: Wed, 15 Aug 2001 02:48:32 -0500 (CDT)

http://www.theregister.co.uk/content/55/21008.html

By John Leyden
Posted: 14/08/2001 

A DoS vulnerability with the installation and management software used
on HP's line of commercial print servers has been reported.

The potential flaw, which HP has not so far publicly acknowledged,
is interesting not because it is particularly devastating (it isn't)
but because it may explain problems our readers are having with
printers of late.

According to a posting on security mailing list BugTraq, HP JetDirect
devices configured using the JetAdmin web interface fail to set a
password for Telnet access when the administrator password is chosen.

Because of this the Telnet port of a printer will be left exposed to
unrestricted remote access. This means (at least in theory) that
hackers could create a denial of service. The potential also exists to
monitor printer activity, and this might be used to gather information
to use in subsequent attacks on systems, according to the posting.

Hewlett-Packard hasn't issued a response to the report, so we can't be
certain there's a genuine problem. That said, we give a lot of credence
to the alert because it goes a long way to explain a number of emails
we've had of late complaining of unexplained crashes on HP printers.

Many users have attributed this to the side effects of scanning from
the Code Red worm but security testing experts at NTA Monitor told us
the Telnet vulnerability was a more likely cause.

Security experts advise that the easiest way to guard against the
possible Telnet vulnerability is to manually set a password for access
through Telnet on the device. Looking at blocking off access to Telnet
ports on devices through setting up an appropriate rule on a firewall
wouldn't go amiss either.

During the DefCon conference last month a denial of service attack
that exploited an FTP access vulnerability on HP JetDirect devices was
discussed.

According to an email sent to the Register, HP support staff were told
to advise users to guard against the problem by either disabling FTP
access to the JetDirect card or changing the default gateway on
JetDirect to an internal address.

Support staff were told not to discuss the problem with users as this
could "cause unnecessary fear for their security, and general lack of
faith in the product".

We will leave you to decide if HP is taking the same stance with the
reported Telnet password vulnerability.



-
ISN is currently hosted by Attrition.org
