Phenoelit Advisory #0815 +-+

[kim0 <kim0 () phenoelit de>]

--
           kim0   <kim0 () phenoelit de>
       Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0  FBEF 2D72 33C0 77FC CD42

Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +-+>

[ Authors ]
        FX              <fx () phenoelit de>
        kim0            <kim0 () phenoelit de>  

        Phenoelit Group (http://www.phenoelit.de)
        Advisroy        http://www.phenoelit.de/stuff/HP_snmp.txt

[ Affected Products ]
        Hewlett Packard (HP)  
                        Printers

        HP Bug ID:      Not assigned
        CERT Vulnerability ID:  377033

[ Vendor communication ]
        06/29/02        Initial Notification, security-alert () hp com
                        *Note-Initial notification by phenoelit
                        includes a cc to cert () cert org by default
        06/29/02        RBL blocked delivery to security-alert () hp com
        06/29/02        Creation of ho-mail account and resend
                        (note, kim0 HATES ho-mail at this point)
        07/01/02        Auto-responder reply
        07/01/02        Human Contact, PGP exchange and ack.
        07/19/02        Notification of intent to post publically
                        in apx. 7 days.
        07/23/02        Coordination for release date/times

[ Overview ]
        HP Network-Enable Printers (JetDirect)
        
[ Description ]
        SNMP variable accessible by SNMP READ exposes HTTP and TELNET 
        administrative access password in HEX 
        (.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0)
        An SNMP read request to this variable will return a HEX string 
        such as 0x01 0X15 0x41 0X41, where the numbers after the second 
        byte represent the password in ASCII (in this case, the password is 'AA').

[ Example ]
        linux# snmpget <printer_ip> public .iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0

[ Solution ]
        None known at this time. 

[ end of file ]