Re: Nimda affecting HP LaserJet / JetDirect devices?

[Florian Weimer <Florian.Weimer () RUS Uni-Stuttgart DE>]

"Michael W. Shaffer" <shaffer () labs agilent com> writes:

> We are starting to get reports here from various users around our
> site that our HP network printers are displaying strange messages
> such as 'Good Morning', 'Nimda Live', and 'Kill Trees'. Has anyone
> else noticed this behavior?

We have received reports that certain HP LaserJet models with
JetDirect cards are affected by a high number of HTTP requests sent to
them, for example by Nimda machines.  There are rumors that the
printer overwrites its EEPROM or its firmware, leaving it dead even
after a power cycle, and that the JetDirect card has to be sent in to
be repaired.  However, someone expressed hope that doing multiple cold
resets with and without the JetDirect card (not connected to the
network) should bring it to live again.

Lexmark printers with Netmark cards are DoSsed, too, if an old
firmware is used.  (In the default configuration, anybody can upload a
new firmware to the Netmark card using TFTP, so funny effects are
certainly possible.)

Up-to-date information is available here (in German only, sorry):

http://cert.uni-stuttgart.de/ticker/article.php?mid=488

-- 
Florian Weimer                    Florian.Weimer () RUS Uni-Stuttgart DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com