0815 ++ */ SEH_Web

[kim0 <kim0 () phenoelit de>]

--
           kim0   <kim0 () phenoelit de>
       Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0  FBEF 2D72 33C0 77FC CD42

Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +--+>

[ Authors ]
        FX              <fx () phenoelit de>
        kim0            <kim0 () phenoelit de>  

        Phenoelit Group (http://www.phenoelit.de)
        Advisory        http://www.phenoelit.de/stuff/SEH_Web.txt

[ Affected Products ]
        SEH GmbH
                        IC9 Pocket Print Server

        Tested on
                        SEH IC9 (Firmware 7.1.30 and 7.1.36f)

        SEH Bug ID:     Not assigned

[ Vendor communication ]
        06/29/02        Initial Notification, support () seh de
                        *Note-Initial notification includes
                        a cc to cert () cert org
        06/29/02        Auto-Responder reply from SEH
        07/01/02        Human ack. from SEH, denial that problem exists
                        along with new firmware version
        07/01/01        Despite fact that phenoelit is not a software 
                        test-lab, we confirmed that problem exists in new 
                        firmware as well and passed info to vendor
        07/19/02        Notification of intent to post publically
                        in apx. 7 days.

[ Overview ]
        The IC9 Pocket Print Server is a small pocket sized network 
        interface for printers. 
        
[ Description ]
        By sending an oversized administrative password using the 
        web-interface, an attacker can cause the print server device to reboot 
        itself (and reset the printer attached).

[ Example ]
        Enter a password for the administrator that is 300 characters or more 
        and <click> the button.

[ Solution ]
        None known at this time. 


[ end of file ]