Vulnerability: Remote DoS in HP JetDirect Print Servers
Product: HP JetDirect Print Servers "HP LaserJet Series"
By: Handrix <handrix_at_morx_org>
26 March 2007
MorX security research team
www.morx.org
+-------------+
| Description |
+-------------+
HP JetDirect print servers allow you to connect printers and other
devices directly to a network.
Such devices provide a variety of embedded network services, such as FTP,
SNMP, a web server, TFTP ... and other daemons.
However, over a passive connection to the printer's FTP server, sending a
RETR command with a large amount of data (271 to 277 characters) as the
pathname takes the FTP server down, which causes the engine to crash.
+--------------------------------------------------------------------------------------------
+---------+
| Example |
+---------+
% python /usr/lib/python2.4/ftplib.py -d [vulnerable host] -l -p `python -c 'print "A"*300'`
+--------------------------------------------------------------------------------------------
+--------------------+
| Vulnerable version |
+--------------------+
Hewlett-Packard FTP Print Server Version 2.4 and prior
+--------------------------------------------------------------------------------------------
+----------+
| Solution |
+----------+
Upgrade the drivers for your printers by consulting the web page:
http://www.hp.com/support/net_printing
+--------------------------------------------------------------------------------------------
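
A detection-side check for the condition described above, as an added example that is not part of the original advisory: it reassembles client-to-server FTP control-channel lines from raw TCP payloads and flags RETR commands whose pathname is longer than 270 characters. The class and function names, the sample traffic and the 4096-byte line cap are assumptions constructed for this example.

```python
MAX_PATH = 270        # advisory: pathnames of 271 to 277 characters crash the server
WATCHED = {b"RETR"}   # the command named in the advisory
MAX_LINE = 4096       # assumption: cap on buffered bytes with no line ending


class FtpControlMonitor:
    """Flags over-long RETR pathnames on one FTP control connection."""

    def __init__(self, max_path=MAX_PATH):
        self.max_path = max_path
        self.buf = b""
        self.alerts = []  # list of (command, pathname_length)

    def feed(self, chunk):
        """Add one client-side TCP payload; commands may span payloads."""
        self.buf += chunk
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            self._check(line.rstrip(b"\r"))
        if len(self.buf) > MAX_LINE:
            # Unterminated oversized line: report it and drop the buffer.
            self.alerts.append(("OVERSIZED-LINE", len(self.buf)))
            self.buf = b""
        return self.alerts

    def _check(self, line):
        verb, _, arg = line.partition(b" ")
        # FTP command verbs are case-insensitive, so compare in upper case.
        if verb.upper() in WATCHED and len(arg) > self.max_path:
            self.alerts.append((verb.upper().decode("ascii"), len(arg)))


def scan(chunks, max_path=MAX_PATH):
    """Run a sequence of payloads through a fresh monitor, return its alerts."""
    monitor = FtpControlMonitor(max_path)
    for chunk in chunks:
        monitor.feed(chunk)
    return monitor.alerts


# Constructed sample: the RETR command is split across two TCP payloads.
SAMPLE = [
    b"USER anonymous\r\nPASS guest\r\nPASV\r\nRE",
    b"TR " + b"A" * 275 + b"\r\n",
    b"retr report.ps\r\nQUIT\r\n",
]

if __name__ == "__main__":
    for command, length in scan(SAMPLE):
        print("ALERT %s pathname length %d" % (command, length))
```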