Bugtraq mailing list archives
Re: Cert Advisory 2002-03 and HP JetDirect
From: Russell Fulton <R.FULTON () auckland ac nz>
Date: 20 Feb 2002 15:19:51 +1300
On Wed, 2002-02-20 at 04:53, Information Security wrote:
It appears that HP JetDirect firmware is more susceptible to SNMP vulnerabilities than originally referenced in the CERT Advisory CA-2002-03 (http://www.cert.org/advisories/CA-2002-03.html). Some basic testing with Protos on an internal network seems to indicate that devices with JetDirect firmware x.08.32 crash each time a single malformed SNMP packet is received. The HP Download Manager for JetDirect reports that the printer software is up-to-date.
After running the SANS tool for finding machines where snmp is active I had a number of people say that their HP printers had a/ hung up and required powering off or resetting b/ spewed out garbage pages. -- Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand
Current thread:
- Cert Advisory 2002-03 and HP JetDirect Information Security (Feb 19)
- Re: Cert Advisory 2002-03 and HP JetDirect Russell Fulton (Feb 20)
- Re: Cert Advisory 2002-03 and HP JetDirect Joshua Newton (Feb 20)
- <Possible follow-ups>
- Re: Cert Advisory 2002-03 and HP JetDirect david evlis reign (Feb 23)