Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Cert Advisory 2002-03 and HP JetDirect
From: Russell Fulton <R.FULTON () auckland ac nz>
Date: 20 Feb 2002 15:19:51 +1300

On Wed, 2002-02-20 at 04:53, Information Security wrote:
It appears that HP JetDirect firmware is more susceptible to SNMP
vulnerabilities than originally referenced in the CERT Advisory CA-2002-03
(http://www.cert.org/advisories/CA-2002-03.html).  Some basic testing with
Protos on an internal network seems to indicate that devices with JetDirect
firmware x.08.32 crash each time a single malformed SNMP packet is received.
The HP Download Manager for JetDirect reports that the printer software is
up-to-date.

After running the SANS tool for finding machines where snmp is active I
had a number of people say that their HP printers had
a/ hung up and required powering off or resetting
b/ spewed out garbage pages.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]