Bugtraq mailing list archives

RE: Two birds with one worm

From: "Berger, Randy" <rberger () famail tamu edu>
Date: Fri, 20 Jul 2001 11:27:35 -0500

I can verify an issue with HP JetDirect as well.  We have two HP LaserJet
4000N printers that started doing the exact same thing yesterday, the
printer itself crashes, dumping a page of exception data from the card and
freezing with an "EIO 2 ERROR" message.  I see no information (yet) on the
HP web site regarding any connection to the Code Red Worm.  Anybody heard
anything different?

Randall Berger '91
Systems Analyst
Department of Student Financial Aid
Texas A&M University
(979) 862-1539  FAX (979) 847-9061
http://faid.tamu.edu

 -----Original Message-----
From:   pchipman () memphis edu [mailto:pchipman () memphis edu] 
Sent:   Friday, July 20, 2001 2:26 AM
To:     bugtraq () securityfocus com
Subject:        Re: Two birds with one worm

I can confirm that this worm is killing JetDirect cards. The HP 
JetDirect Card in our HP LaserJet 4000N has been steadily crashing as 
infection attempts hit it; the result is that, every ten to thirty 
minutes or so, the printer itself crashes, dumping a page of exception 
data from the card and freezing with an "EIO 2 ERROR" message. A hard 
reset of the printer is required to make it operational again.

--
Patrick Chipman
System Administrator
University of Memphis Cognitive Science Lab

----- Original Message -----
From: "Brian.J.Mauter" <maute001 () bama ua edu>
Date: Thursday, July 19, 2001 11:10 pm
Subject: Re: Two birds with one worm.

Hi,

Testing various other devices on my subnet, I found that my 3Com 
WirelessLAN Access Point was not affected, but my HP 4500 was 
because it has an HP
Jet Direct Card in it.  I do not have conclusive evidence that it 
was Code
Red, but the printer has never acted strangely before.  When I 
call the
printer's webserver, I get a "Device is not attached" error along 
with "HP
JetDirect [Not available:SNMPException: no response]" at the top 
of the
page.  All of the admin functions fail and I cannot determine if the
printer is even functioning.  (It's remote, or else I'd walk over 
to it
and look.)

I don't know, but this may get any HP device with JetDirect.  Can 
anyonequalify that?

Current thread:

Re: Two birds with one worm pchipman (Jul 20)
- <Possible follow-ups>
- RE: Two birds with one worm Berger, Randy (Jul 20)
  - Re: Two birds with one worm Tom Perrine (Jul 20)