Full Disclosure mailing list archives
Re: zepcom001
From: Leif Ericksen <leife () dls net>
Date: Sat, 04 Feb 2006 09:29:01 -0600
HUMMM To me that looks like a binary file being sent to the printer or lp or lpd device... Normally it is a bad idea to send binary files to the printers because they do not know how to deal with such files. Security risk maybe. Just means you have stupid users if they are going to send binaries to a printer. After all it will cause may one or two lines of junk to be printed if not the entire page, and maybe even so much junk that it makes the printer run out of paper. Kill the job reset the printer wait for next stupid user. rather than using /ntldr or /kernel build your own binary and print it. On Sat, 2006-02-04 at 06:29 +0100, zepcumzepcum () hushmail com wrote:
zepcom-001.txt Hello dear readers and welcome to our fist advisory! we have found a ressurse exarstion bog in notepad and assosiated ressurses. if u have a printer and u type start and run and type notepad and then you type NOTEPAD.EXE /P C:\NTLDR and not make mutex_a to prevent dedflock then your PRINTER will run OUT of PAPER! this is bad!! This is a serrius ressurse starvation of big company if they print regnings or other important papers. This has been veriffied on: windows NT ( UNTESTED ) windows 2000 sp0 windows 2000 sp1 windows 2000 sp2 windows 2000 sp3 windows 2000 sp4 windows 2000 sp5 windows 2000 sp6 windows XP sp0 windows XP sp1 windows XP sp2 windows XP sp3 AND OPEN SOURC EALSO HAS PROBLEM WITH CAT IF you use cat and feed to telnet and port 90+00 of print server and put to /kernel then you can kill the printer! This can be very serius flav for big billing company
-- Leif Ericksen <leife () dls net> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- zepcom001 zepcumzepcum (Feb 03)
- RE: zepcom001 Very Unprivate (Feb 03)
- Re: zepcom001 Leif Ericksen (Feb 04)