|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: buffer overflow in HP JetDirect module (probably affects all HP printers with network support)
Brian (cazz
RUFF.CS.JMU.EDU)
Fri, 19 Nov 1999 20:21:20 -0500
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Savochkin Andrey Vladimirovich: "Re: local users can panic linux kernel (was: SuSE syslogd advisory)"
- Previous message: Jeremy Iverson: "DNA-1999-001: NetTerm FTP Daemon vulnerabilities"
> Obviously it's a M680x0 CPU with 512 KB of RAM in our model, so
> writing an exploit should be fairly easy. The nice point about it is
> that most people wouldn't expect their printer to be compromised --
> and since there is no logging on the printer, you can't easily be
> tracked down...
HP JetDirects can have the web server turned off (a good idea) and use
remote syslog to log all connections to the printer. The HP print
server control software automaticly turns the web configuration back
on, so I wouldn't use that, I would physicly go up to the printer and
disable all services you don't need.
If only one could add in ip allow ranges, then I would be happy.
-cazz
- application/pgp-signature attachment: stored
- Next message: Savochkin Andrey Vladimirovich: "Re: local users can panic linux kernel (was: SuSE syslogd advisory)"
- Previous message: Jeremy Iverson: "DNA-1999-001: NetTerm FTP Daemon vulnerabilities"
This archive was generated by hypermail 2.0b3 on Mon Nov 22 1999 - 16:28:28 CST