HP Product Security Response Team - HP:C00838612
Jan 03, 2007 - 12:00 a.m.

HPSBPI02185 SSRT071290 rev.4 - HP Jetdirect Running ftp, Remote Denial of Service (DoS)

2007-01-03 00:00:00
HP Product Security Response Team
support.hp.com

CVSS2: 7.1 High

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

Potential Security Impact

Remote Denial of Service (DoS)

VULNERABILITY SUMMARY

A potential vulnerability has been identified with HP Jetdirect running ftp. The vulnerability could be exploited remotely to create a Denial of Service (DoS).

RESOLUTION

This vulnerability can be resolved by upgrading the Jetdirect firmware.
A workaround is also available through configuration changes.

Recent Jetdirect products use firmware revision x.25.nn or greater and are not vulnerable. Some older Jetdirect products allow the firmware to be upgraded and others do not.

To learn how to upgrade Jetdirect firmware, see "Update firmware for a single JetDirect Print Server using Jetdirect EWS or FTP".

For J4169A 610n - upgrade the firmware to version L.25.nn or greater.

For J6057A 615n - upgrade the firmware to version R.25.nn or greater.

Other older Jetdirect products running versions from x.20.nn up to and including x.24.nn are potentially vulnerable. The firmware for these products cannot be upgraded. The potential vulnerability can be avoided by disabling ftp or using access control lists as discussed in the whitepaper ‘HP Jetdirect Security Guidelines’ mentioned above.
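The revision ranges in this resolution can be applied to a printer inventory as a triage check. The following is an added example, not part of HP's advisory; the host names, the placeholder model J0000X, the sample revisions, and the assumption that revisions are reported as letter.number.number are constructed for illustration.

```python
import re

# Models the advisory names as upgradeable, with the family letter of the fixed firmware.
UPGRADEABLE = {"J4169A": "L", "J6057A": "R"}
# Assumed reporting format, following the advisory's "x.25.nn" notation.
REV = re.compile(r"^([A-Za-z])\.(\d+)\.(\d+)$")

def triage(model: str, revision: str) -> str:
    """Classify one Jetdirect device against the advisory's revision ranges."""
    m = REV.match(revision.strip())
    if not m:
        return "manual-review"        # unparseable revision: never guess
    family, major = m.group(1).upper(), int(m.group(2))
    if major >= 25:
        return "not-vulnerable"       # x.25.nn or greater
    fixed_family = UPGRADEABLE.get(model.strip().upper())
    if fixed_family is not None:
        # A family letter that does not match the model means bad inventory data.
        return "upgrade-firmware" if family == fixed_family else "manual-review"
    if 20 <= major <= 24:
        return "apply-workaround"     # disable ftp or use an access control list
    return "not-covered"              # advisory makes no statement below x.20.nn

# Constructed sample inventory: (host, model, firmware revision).
INVENTORY = [
    ("prn-01", "J4169A", "L.24.08"),
    ("prn-02", "J6057A", "R.25.09"),
    ("prn-03", "J0000X", "G.21.03"),  # J0000X is a placeholder, not a real part number
    ("prn-04", "J0000X", "A.08.32"),
    ("prn-05", "J6057A", "unknown"),
]

def report(rows):
    """Map each host to its triage verdict."""
    return {host: triage(model, rev) for host, model, rev in rows}

if __name__ == "__main__":
    for host, verdict in report(INVENTORY).items():
        print(f"{host}\t{verdict}")
```

Devices that land in "not-covered" or "manual-review" fall outside what the advisory states and need to be checked against HP's documentation directly.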
