Bugtraq mailing list archives

Re: Cert Advisory 2002-03 and HP JetDirect

From: Russell Fulton <R.FULTON () auckland ac nz>
Date: 20 Feb 2002 15:19:51 +1300

On Wed, 2002-02-20 at 04:53, Information Security wrote:

It appears that HP JetDirect firmware is more susceptible to SNMP
vulnerabilities than originally referenced in the CERT Advisory CA-2002-03
(http://www.cert.org/advisories/CA-2002-03.html).  Some basic testing with
Protos on an internal network seems to indicate that devices with JetDirect
firmware x.08.32 crash each time a single malformed SNMP packet is received.
The HP Download Manager for JetDirect reports that the printer software is
up-to-date.


After running the SANS tool for finding machines where snmp is active I
had a number of people say that their HP printers had
a/ hung up and required powering off or resetting
b/ spewed out garbage pages.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

Current thread:

Cert Advisory 2002-03 and HP JetDirect Information Security (Feb 19)
- Re: Cert Advisory 2002-03 and HP JetDirect Russell Fulton (Feb 20)
- Re: Cert Advisory 2002-03 and HP JetDirect Joshua Newton (Feb 20)
- <Possible follow-ups>
- Re: Cert Advisory 2002-03 and HP JetDirect david evlis reign (Feb 23)