HP Web Jetadmin Encrypted Password DoS

2004-04-27T00:00:00
ID OSVDB:5794
Type osvdb
Reporter FX (fx@phenoelit.de)
Modified 2004-04-27T00:00:00

Description

Vulnerability Description

HP JetAdmin contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user supplies a specially crafted encrypted password, which causes the application to freeze and results in loss of availability for the service.

Solution Description

Upgrade to version 7.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

Password: 01010101FFFF02020202020202020202.

References:

Vendor URL: http://www.hp.com/
Vendor Specific Advisory URL
Secunia Advisory ID: 11536
Related OSVDB ID: 5793
Related OSVDB ID: 5798
Related OSVDB ID: 5792
Related OSVDB ID: 5796
Related OSVDB ID: 5790
Related OSVDB ID: 5791
Related OSVDB ID: 5795
Related OSVDB ID: 5797
Other Advisory URL: http://www.phenoelit.de/stuff/HP_Web_Jetadmin_advisory.txt
Keyword: HPSBPI01026
Keyword: SSRT2397
ISS X-Force ID: 15986
CIAC Advisory: o-136
CERT VU: 606673
Bugtraq ID: 10224