The OpenNET Project
 


Cert Advisory 2002-03 and HP JetDirect


Date: Tue, 19 Feb 2002 10:53:48 -0500
From: Information Security <[email protected]>
To: "[email protected]" <[email protected]>
Subject: Cert Advisory 2002-03 and HP JetDirect

It appears that HP JetDirect firmware is more susceptible to SNMP
vulnerabilities than originally referenced in the CERT Advisory CA-2002-03
(http://www.cert.org/advisories/CA-2002-03.html).  Some basic testing with
Protos on an internal network seems to indicate that devices with JetDirect
firmware x.08.32 crash each time a single malformed SNMP packet is received.
The HP Download Manager for JetDirect reports that the printer software is
up-to-date.

On the hardware I tested, the packet generated an "EIO" error and required
the device to be powered off to recover.  Control panel input was not
available.

The packet can be generated using the req-enc protos test with the options
"-zerocase -showreply -single 13771".  The protos test name is
"set-req-ber-l-length" in the category of "Invalid BER length (L) fields".

The TCPDump trace is:
15:43:38.979321 1.2.3.4.1890 > 1.2.3.5.161:  
      SetRequest(39) .1.3.6.1.2.1.1.5.0="c06-snmpv"
15:43:39.179098 1.2.3.4.1891 > 1.2.3.5.161:
      GetRequest(25) .1.3.6.1.2.1.1.5.0

As an interesting side note, Ethereal (a popular open source sniffer /
traffic analyzer) crashes every time it sees this packet also.  It gives the
error "GLib-ERROR **: could not allocate -1 bytes aborting...".

This testing has been very limited (only LaserJet 4si and 8150 series
printers were tested), so please post your test results to Bugtraq.
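
The test category named in the post, "Invalid BER length (L) fields", is handled on the receiving side by checking every length field against the bytes actually received before it is used for an allocation or a copy. The following C check is an added example, not part of the original post and not code from HP, Ethereal or PROTOS; the function names, result codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes (names are this example's own, not from any SNMP library). */
enum { BER_OK, BER_TRUNCATED, BER_INDEFINITE, BER_TOO_WIDE, BER_OVERRUN, BER_TOO_DEEP };

/* Read the length (L) octets at buf[*pos]. The value stays unsigned and is
 * accepted only if that many content bytes are really present. */
static int ber_read_length(const uint8_t *buf, size_t len, size_t *pos, size_t *out)
{
    if (*pos >= len) return BER_TRUNCATED;
    size_t value = buf[(*pos)++];
    if (value & 0x80) {                      /* long form: low 7 bits = octet count */
        size_t n = value & 0x7f;
        if (n == 0) return BER_INDEFINITE;   /* 0x80 (indefinite) is not used by SNMP */
        if (n > 4) return BER_TOO_WIDE;      /* would not fit in 32 bits */
        if (n > len - *pos) return BER_TRUNCATED;
        for (value = 0; n > 0; n--) value = (value << 8) | buf[(*pos)++];
    }
    if (value > len - *pos) return BER_OVERRUN;  /* claims more than was received */
    *out = value;
    return BER_OK;
}

/* Walk every TLV in buf, descending into constructed types (tag bit 0x20). */
static int ber_validate(const uint8_t *buf, size_t len, int depth)
{
    if (depth > 8) return BER_TOO_DEEP;      /* bound recursion on nested input */
    for (size_t pos = 0; pos < len; ) {
        uint8_t tag = buf[pos++];
        size_t clen = 0;
        int rc = ber_read_length(buf, len, &pos, &clen);
        if (rc == BER_OK && (tag & 0x20)) rc = ber_validate(buf + pos, clen, depth + 1);
        if (rc != BER_OK) return rc;
        pos += clen;                         /* safe: clen <= len - pos was checked */
    }
    return BER_OK;
}

/* Constructed sample: SNMPv1 GetRequest for .1.3.6.1.2.1.1.5.0, community "public". */
static const uint8_t good_msg[] = {
    0x30,0x26, 0x02,0x01,0x00, 0x04,0x06,'p','u','b','l','i','c',
    0xa0,0x19, 0x02,0x01,0x01, 0x02,0x01,0x00, 0x02,0x01,0x00,
    0x30,0x0e, 0x30,0x0c, 0x06,0x08,0x2b,0x06,0x01,0x02,0x01,0x01,0x05,0x00, 0x05,0x00 };
/* Constructed fragment: a length field that reads as -1 in a signed 32-bit int. */
static const uint8_t bad_len[] = { 0x04, 0x84, 0xff, 0xff, 0xff, 0xff };

int main(void) { return ber_validate(good_msg, sizeof good_msg, 0) != BER_OK ||
                        ber_validate(bad_len, sizeof bad_len, 0) != BER_OVERRUN; }
```

Running the validator before any other decoding means a datagram with an inconsistent length is dropped while it is still just a byte buffer.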
