Vulnerability Development mailing list archives
Re: HP LaserJet 4 Series Jet Direct
From: fhs () VNET NET (Steven Duckworth)
Date: Mon, 19 Jun 2000 13:42:39 -0400
This has been a well published thing. I know I've seen exploits for this as far back as 97-98 on Rootshell. You can also send PJL commands to the printer this way, which can be used to change many things, including what is displayed on the LCD. Since this bypasses LPR, I don't think it gets logged anywhere. Back in college a friend of mine used it to harass the network admin who was eager to switch to Windows NT by constantly putting "NT Sucks" across the display on our LJ4's. The admin couldn't check any logs and was completely clueless as to how to find him. As for your workaround, that something akin to buying a Ferrari for your commute to work, but realizing that somebody might ding the door when they open theirs, so you drive your old trusty Yugo instead. Steven -----Original Message----- From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Ryan Yagatich Sent: Sunday, June 18, 2000 10:59 PM To: VULN-DEV () SECURITYFOCUS COM Subject: HP LaserJet 4 Series Jet Direct Hello, I'm not sure if this can be considered a "vulnerability" but in my eyes it is. With the HP LaserJet 4 series Jet direct card you can telnet to port 9099 on the printer's IP address and type any text and on disconnect the page will be printed. If someone writes a piece of software that is like a dictionary generator and pushes it to this port, and then kills the connection later, it is possible to DOS your print services. why? well no paper/toner so you have no service. Workaround: use a paralell connection between your printer and computer, and share it via Windows 9x printer sharing, or via Samba. Plus, this way you don't have to forfeit an IP address. Questions/Comments: please comment as much as possible on this topic. Ryan Yagatich
Current thread:
- Re: Firewalls and stuff (Was about N2H2), (continued)
- Re: Firewalls and stuff (Was about N2H2) Crispin Cowan (Jun 17)
- (no subject) Bluefish (Jun 18)
- Re: N2H2 Web Proxy/Filter appliance Eric Wanner (Jun 17)
- Re: N2H2 Web Proxy/Filter appliance Crispin Cowan (Jun 17)
- Re: N2H2 Web Proxy/Filter appliance Blue Boar (Jun 17)
- Re: N2H2 Web Proxy/Filter appliance Bluefish (Jun 18)
- HP LaserJet 4 Series Jet Direct Ryan Yagatich (Jun 18)
- Re: HP LaserJet 4 Series Jet Direct Blue Boar (Jun 18)
- Re: HP LaserJet 4 Series Jet Direct (and others) Joel Michael (Jun 18)
- Re: HP LaserJet 4 Series Jet Direct (and others) Blue Boar (Jun 18)
- Re: HP LaserJet 4 Series Jet Direct Steven Duckworth (Jun 19)
- omni backup program Antonomasia (Jun 19)
- Re: HP LaserJet 4 Series Jet Direct Felix von Leitner (Jun 21)
- [Fwd: Exploit code for PalmOS] Blue Boar (Jun 17)
- Re: N2H2 Web Proxy/Filter appliance Max Vision (Jun 18)