Vulnerability Development mailing list archives

Re: HP LaserJet 4 Series Jet Direct (and others)


From: joel () DIGGY COM AU (Joel Michael)
Date: Mon, 19 Jun 2000 13:55:43 +1000


I would consider this a DOS, because, as you said, it can easily run out
of toner/paper.  Another potential problem is if someone pushes
something offensive down to the printer, and just leaves it for the next
person to pick up.

This isn't limited to HP LaserJets.  I have a secondhand Kyocera
FS-3500 with some kind of network interface that I know nothing about,
except that it has an FTP server in it - you can ftp a document to be
printed.  It also has SMB, IPX and AppleTalk, but I can't figure 'em out
(if anyone knows ANYTHING about what I'm talking about, PLEASE contact
me!).

This has just got me thinking.  I wonder if there's anything else more
nasty that you can do to these types of printers, e.g. buffer overflows,
that will crash the printer and require it to be reset?  But, then
again, who gives printers publicly available, un-firewalled IP
addresses? :-)

--
Joel Michael, who is going to run nmap over his printer when he gets
home...

----- Original Message -----
From: Ryan Yagatich <ryagatich () CSN1 COM>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Monday, June 19, 2000 12:58 PM
Subject: HP LaserJet 4 Series Jet Direct

Hello,

I'm not sure if this can be considered a "vulnerability" but in my eyes
it is.

With the HP LaserJet 4 series Jet Direct card you can telnet to port
9099 on the printer's IP address and type any text and on disconnect the
page will be printed. If someone writes a piece of software that is like
a dictionary generator and pushes it to this port, and then kills the
connection later, it is possible to DOS your print services. Why? Well,
no paper/toner, so you have no service.

Workaround:

Use a parallel connection between your printer and computer, and share
it via Windows 9x printer sharing, or via Samba. Plus, this way you
don't have to forfeit an IP address.

Questions/Comments:

Please comment as much as possible on this topic.

Ryan Yagatich
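
An added example, not part of the original messages: a check over connection records for the exposure discussed in this thread, reporting hosts that reach a printer's print ports directly instead of going through a print server, with the bytes each one sent. The log format, the addresses, and the `PRINTERS` and `PRINT_SERVERS` sets are constructed assumptions; port 9099 is the port given in the original message and port 21 covers the FTP printing mentioned in the reply.

```python
import ipaddress
from collections import defaultdict

# Ports taken from the thread: 9099 (raw text printing as described in the
# original message) and 21 (FTP printing on the Kyocera mentioned in the reply).
PRINT_PORTS = {9099, 21}

# Assumptions for this example: the printer addresses, and the only hosts that
# should talk to them directly (the print server from the workaround).
PRINTERS = {ipaddress.ip_address("192.0.2.10")}
PRINT_SERVERS = {ipaddress.ip_address("192.0.2.5")}

# Constructed sample records: "timestamp src dst dport bytes_sent"
SAMPLE_LOG = """\
2000-06-19T13:00:01 192.0.2.5 192.0.2.10 9099 48211
2000-06-19T13:02:17 192.0.2.77 192.0.2.10 9099 912
2000-06-19T13:02:40 192.0.2.77 192.0.2.10 9099 5300442
2000-06-19T13:05:09 198.51.100.23 192.0.2.10 21 2048
2000-06-19T13:06:00 192.0.2.77 192.0.2.20 80 300
malformed line
"""

def parse(line):
    """Return (src, dst, dport, nbytes), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2]),
                int(parts[3]), int(parts[4]))
    except ValueError:
        return None

def direct_print_sources(log_text):
    """Map each non-print-server source to [connection count, total bytes sent]."""
    totals = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst, dport, nbytes = rec
        if dst in PRINTERS and dport in PRINT_PORTS and src not in PRINT_SERVERS:
            totals[str(src)][0] += 1
            totals[str(src)][1] += nbytes
    return dict(totals)

if __name__ == "__main__":
    for src, (count, nbytes) in sorted(direct_print_sources(SAMPLE_LOG).items()):
        print(f"{src}: {count} direct connection(s), {nbytes} bytes to printer")
```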


