Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: HP LaserJet 4 Series Jet Direct

From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Sun, 18 Jun 2000 20:21:07 -0700

Ryan Yagatich wrote:


I'm not sure if this can be considered a "vulnerability" but in my eyes it is.

With the HP LaserJet 4 series Jet direct card you can telnet to port 9099 on the printer's IP address and type any 
text and on disconnect the page will be printed. If someone writes a piece of software that is like a dictionary 
generator and pushes it to this port, and then kills the connection later, it is possible to DOS your print services. 
why? well no paper/toner so you have no service.


Ok, so I can print to the printer..



Workaround:

use a paralell connection between your printer and computer, and share it via Windows 9x printer sharing, or via 
Samba. Plus, this way you don't have to forfeit an IP address.


..And then, I can print to the printer?



Questions/Comments:

please comment as much as possible on this topic.

Ryan Yagatich


Not really seeing how the second choice keeps me from using as much toner
and paper.  There have been some really interesting attacks against
HP's JetDirect cards in the past though... keep looking.

                                        BB
Previous By Date Next
Previous By Thread Next

Current thread: