hp-dos.txt

2007-03-29T00:00:00
ID PACKETSTORM:55453
Type packetstorm
Reporter Handrix
Modified 2007-03-29T00:00:00

Description

                                        
                                            `Vulnerability : Remote DOS HP JetDirect Print Servers  
Product : HP JetDirect Print Servers "HP LaserJet Series"  
By: Handrix <handrix_at_morx_org>  
26 March 2007  
MorX security research team  
www.morx.org  
  
+-------------+  
| Description  
:-------------------------------------------------------------------------------  
+-------------+  
|  
| HP JetDirect print servers allow you to connect printers and other  
| devices directly to a network.  
|  
| Such devices provide a variety of embeded services online, as like as ftp,  
| snmp, web server, tftp ... and other daemon.  
|  
| However under a passive connection to the ftp's printers, and by sending a  
RERT command  
| with a big rang of data (271 to 277 char) as pathname, the ftp server turn  
down,  
| which cause the crash of the the engine.  
+---------------------------------------------------------------------------------------------  
  
  
+---------+  
| Example  
:-----------------------------------------------------------------------------------  
+---------+  
|  
| % python /usr/lib/python2.4/ftplib.py -d [vulnerable host] -l -p `python  
-c 'print "A"*300'`  
+----------------------------------------------------------------------------------------------  
  
+--------------------+  
| Version vulnerable  
:-----------------------------------------------------------------------  
+--------------------+  
|  
| Hewlett-Packard FTP Print Server Version 2.4 and prior  
+---------------------------------------------------------------------------------------------  
  
+----------+  
| Solution  
:---------------------------------------------------------------------------------  
+----------+  
|  
| Upgrade your drivers for your printers.  
| By consulting the web page : http://www.hp.com/support/net_printing  
+---------------------------------------------------------------------------------------------  
`