Security Incidents mailing list archives

Re: JetDirect Card Attack


From: "Brian Eckman" <ECKMA009 () sossgw stu umn edu>
Date: Mon, 23 Jul 2001 11:52:06 -0500

Bugtraq ID 814 (Nov 18, 1999) discusses a buffer overflow in the HP JetDirect Internal Webserver. Any firmware version prior to 7.xx would crash when accessed via
http://printer IP address/256 character string here

Is this the issue here? My 60+ HP Printers all with JetDirect cards at firmware 8.32 didn't seem to be affected by the worm. I know a more recent advisory discussed buffer overflows in versions as new as 8.20, but the Web server was not listed as vulnerable. The original firmware in my 4000TN was 5.34, which was definitely vulnerable to the Web buffer overflow, as it was the first printer that I tested at the time.

Perhaps someone who had this problem with the worm can verify their firmware version? 

Brian

