Re: zepcom001

[Leif Ericksen <leife () dls net>]

HUMMM To me that looks like a binary file being sent to the printer or
lp or lpd device...  Normally it is a bad idea to send binary files to
the printers because they do not know how to deal with such files.
Security risk maybe.  Just means you have stupid users if they are going
to send binaries to a printer.  After all it will cause may one or two
lines of junk to be printed if not the entire page, and maybe even so
much junk that it makes the printer run out of paper.  Kill the job
reset the printer wait for next stupid user.

rather than using /ntldr or /kernel 
build your own binary and print it.

On Sat, 2006-02-04 at 06:29 +0100, zepcumzepcum () hushmail com wrote:
>

> zepcom-001.txt
> Hello dear readers and welcome to our fist advisory!
> we have found a ressurse exarstion bog in notepad and assosiated 
> ressurses.
> if u have a printer and u type start and run and type notepad and 
> then you type
> NOTEPAD.EXE /P C:\NTLDR and not make mutex_a to prevent dedflock
> then your PRINTER will run OUT of PAPER! this is bad!!
> This is a serrius ressurse starvation of big company if they print 
> regnings
> or other important papers. This has been veriffied on:
>
> windows NT ( UNTESTED )
>
> windows 2000 sp0
> windows 2000 sp1
> windows 2000 sp2
> windows 2000 sp3
> windows 2000 sp4
> windows 2000 sp5
> windows 2000 sp6
>
> windows XP sp0
> windows XP sp1
> windows XP sp2
> windows XP sp3
>
> AND OPEN SOURC EALSO HAS PROBLEM WITH CAT 
> IF you use cat and feed to telnet and port 90+00 of
> print server and put to /kernel then you can kill the printer!
> This can be very serius flav for big billing company

-- 
Leif Ericksen <leife () dls net>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/