Vulnerability Development mailing list archives

Re: HP LaserJet 4 Series Jet Direct


From: fhs () VNET NET (Steven Duckworth)
Date: Mon, 19 Jun 2000 13:42:39 -0400


This has been a well published thing.  I know I've seen exploits for this as
far back as 97-98 on Rootshell.  You can also send PJL commands to the
printer this way, which can be used to change many things, including what is
displayed on the LCD.  Since this bypasses LPR, I don't think it gets logged
anywhere.  Back in college a friend of mine used it to harass the network
admin who was eager to switch to Windows NT by constantly putting "NT Sucks"
across the display on our LJ4's.  The admin couldn't check any logs and was
completely clueless as to how to find him.

As for your workaround, that's something akin to buying a Ferrari for your
commute to work, but realizing that somebody might ding the door when they
open theirs, so you drive your old trusty Yugo instead.

Steven

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM] On Behalf Of Ryan Yagatich
Sent: Sunday, June 18, 2000 10:59 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: HP LaserJet 4 Series Jet Direct

Hello,

I'm not sure if this can be considered a "vulnerability" but in my eyes it
is.

With the HP LaserJet 4 series Jet direct card you can telnet to port 9099 on
the printer's IP address and type any text and on disconnect the page will
be printed. If someone writes a piece of software that is like a dictionary
generator and pushes it to this port, and then kills the connection later,
it is possible to DoS your print services. Why? Well, no paper/toner so you
have no service.

Workaround:

Use a parallel connection between your printer and computer, and share it
via Windows 9x printer sharing, or via Samba. Plus, this way you don't have
to forfeit an IP address.

Questions/Comments:

Please comment as much as possible on this topic.

Ryan Yagatich
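
Because the thread notes that direct connections to the printer bypass LPR and leave no log on the device, any audit has to happen on the network side. The following is an added example, not part of either post: it assumes a network tap already yields (source IP, payload) pairs for sessions to the printer's raw port, and the addresses, payloads and the `audit` helper are constructed for illustration.

```python
import re

UEL = b"\x1b%-12345X"  # PJL Universal Exit Language sequence that frames a job
# PJL commands that alter the control-panel display or persistent settings.
# Job-scoped commands (JOB, EOJ, ENTER, SET, COMMENT) are normal driver output.
STATE_CHANGING = {"RDYMSG", "OPMSG", "STMSG", "DEFAULT", "INITIALIZE"}
PJL_LINE = re.compile(rb"^@PJL[ \t]+([A-Za-z]+)(.*)$")


def pjl_commands(payload: bytes):
    """Return (command, argument) pairs for every @PJL line in a job stream."""
    found = []
    for raw in payload.replace(UEL, b"\n").splitlines():
        m = PJL_LINE.match(raw.strip())
        if m:
            cmd = m.group(1).decode("ascii").upper()
            found.append((cmd, m.group(2).decode("latin-1").strip()))
    return found


def audit(sessions, allowed_sources):
    """Flag sessions from unapproved hosts or carrying state-changing PJL."""
    findings = []
    for src, payload in sessions:
        reasons = []
        if src not in allowed_sources:
            reasons.append("source is not an approved print server")
        for cmd, arg in pjl_commands(payload):
            if cmd in STATE_CHANGING:
                reasons.append(f"PJL {cmd} {arg}".strip())
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample sessions (assumed output of a tap on the printer's port).
SAMPLE = [
    ("10.0.0.5", UEL + b'@PJL JOB NAME="report"\r\n'
                       b"@PJL ENTER LANGUAGE=PCL\r\n(page data)" + UEL),
    ("10.0.0.77", UEL + b'@PJL RDYMSG DISPLAY="constructed"\r\n' + UEL),
    ("10.0.0.78", b"plain text typed over telnet\r\n"),
]

if __name__ == "__main__":
    for src, reasons in audit(SAMPLE, allowed_sources={"10.0.0.5"}):
        print(src, "->", "; ".join(reasons))
```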

