Vulnerability Development mailing list archives
Re: HP LaserJet 4 Series Jet Direct (and others)
From: joel () DIGGY COM AU (Joel Michael)
Date: Mon, 19 Jun 2000 13:55:43 +1000
I would consider this a DOS, because, as you said, it can easily run out of toner/paper. Another potential problem is if someone pushes something offensive down to the printer, and just leaves it for the next person to pick up.

This isn't limited to HP LaserJets. I have a secondhand Kyocera FS-3500 with some kind of network interface that I know nothing about, except that it has an FTP server in it - you can ftp a document to be printed. It also has SMB, IPX and AppleTalk, but I can't figure 'em out (if anyone knows ANYTHING about what I'm talking about, PLEASE contact me!).

This has just got me thinking. I wonder if there's anything else more nasty that you can do to these types of printers, e.g. buffer overflows, that will crash the printer and require it to be reset?

But, then again, who gives printers publicly available, un-firewalled IP addresses? :-)

--
Joel Michael, who is going to run nmap over his printer when he gets home...

----- Original Message -----
From: Ryan Yagatich <ryagatich () CSN1 COM>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Monday, June 19, 2000 12:58 PM
Subject: HP LaserJet 4 Series Jet Direct

Hello,

I'm not sure if this can be considered a "vulnerability" but in my eyes it is. With the HP LaserJet 4 series Jet Direct card you can telnet to port 9099 on the printer's IP address and type any text and on disconnect the page will be printed. If someone writes a piece of software that is like a dictionary generator and pushes it to this port, and then kills the connection later, it is possible to DOS your print services. Why? Well, no paper/toner, so you have no service.

Workaround: use a parallel connection between your printer and computer, and share it via Windows 9x printer sharing, or via Samba. Plus, this way you don't have to forfeit an IP address.

Questions/Comments: please comment as much as possible on this topic.

Ryan Yagatich