HP JetDirect and HP printers buffer overflow

2007-03-28T00:00:00

Description

Buffer overflow in LIST, NLIST and RETR command of built-in FTP server.

{"id": "SECURITYVULNS:VULN:6955", "vendorId": null, "type": "securityvulns", "bulletinFamily": "software", "title": "HP JetDirect and HP printers buffer overflow", "description": "Buffer overflow in LIST, NLIST and RETR command of built-in FTP server.", "published": "2007-03-28T00:00:00", "modified": "2007-03-28T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:6955", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:16500", "https://vulners.com/securityvulns/securityvulns:doc:15426", "https://vulners.com/securityvulns/securityvulns:doc:15762"], "cvelist": ["CVE-2007-0358", "CVE-2007-1772"], "immutableFields": [], "lastseen": "2018-08-31T11:09:22", "viewCount": 68, "enchantments": {"score": {"value": 3.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-0358", "CVE-2007-1772"]}, {"type": "hp", "idList": ["HP:C00838612"]}]}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2007-0358", "CVE-2007-1772"]}, {"type": "hp", "idList": ["HP:C00838612"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:15762"]}]}, "exploitation": null, "affected_software": {"major_version": []}, "epss": [{"cve": "CVE-2007-0358", "epss": "0.045850000", "percentile": "0.912510000", "modified": "2023-03-19"}, {"cve": "CVE-2007-1772", "epss": "0.089940000", "percentile": "0.935970000", "modified": "2023-03-19"}], "vulnersScore": 3.3}, "_state": {"dependencies": 1678961635, "score": 1678962848, "affected_software_major_version": 0, "epss": 1679310407}, "_internal": {"score_hash": "4c4c5d090db19326bc67362adba5e631"}, "sourceData": "", "affectedSoftware": [], "appercut": {}, "exploitpack": {}, "hackapp": {}, "toolHref": "", "w3af": {}}

{"hp": [{"lastseen": "2020-10-13T01:01:48", "description": "## Potential Security Impact\nRemote Denial of Service (DoS)\n\n## VULNERABILITY SUMMARY\nA potential vulnerability has been identified with HP Jetdirect running ftp. The vulnerability could be exploited remotely to create a Denial of Service (DoS).\n\n## RESOLUTION\nThis vulnerability can be resolved by upgrading the Jetdirect firmware. \nThere is also a workaround for this vulnerability by making configuration changes. \n\nRecent Jetdirect products use firmware revision x.25.nn or greater and are not vulnerable. Some older Jetdirect products allow the firmware to be upgraded and others do not.\n\nTo learn how to upgrade Jetdirect firmware, see Update firmware for a single JetDirect Print Server using Jetdirect EWS or FTP. \n\nFor J4169A 610n - upgrade the firmware to version L.25.nn or greater.\n\nFor J6057A 615n - upgrade the firmware to version R.25.nn or greater.\n\nOther older Jetdirect products running versions from x.20.nn up to and including x.24.nn are potentially vulnerable. The firmware for these products cannot be upgraded. The potential vulnerability can be avoided by disabling ftp or using access control lists as discussed in the whitepaper 'HP Jetdirect Security Guidelines' mentioned above.\n", "cvss3": {}, "published": "2007-01-03T00:00:00", "type": "hp", "title": "HPSBPI02185 SSRT071290 rev.4 - HP Jetdirect Running ftp, Remote Denial of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1772"], "modified": "2017-07-13T00:00:00", "id": "HP:C00838612", "href": "https://support.hp.com/us-en/document/c00838612", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2023-02-09T14:02:32", "description": "The FTP service in HP JetDirect print servers allows remote attackers to cause a denial of service (engine crash) via a RETR command with a long pathname.", "cvss3": {}, "published": "2007-03-30T01:19:00", "type": "cve", "title": "CVE-2007-1772", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1772"], "modified": "2017-07-29T01:30:00", "cpe": ["cpe:/h:hp:jetdirect:*"], "id": "CVE-2007-1772", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1772", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:h:hp:jetdirect:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T13:59:20", "description": "Unspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors.", "cvss3": {}, "published": "2007-01-19T01:28:00", "type": "cve", "title": "CVE-2007-0358", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0358"], "modified": "2017-07-29T01:30:00", "cpe": ["cpe:/h:hp:jetdirect_firmware:x.23.nn", "cpe:/h:hp:jetdirect_firmware:x.24.nn", "cpe:/h:hp:jetdirect_firmware:x.20.nn", "cpe:/h:hp:jetdirect_firmware:x.21.nn", "cpe:/h:hp:jetdirect_firmware:x.22.nn"], "id": "CVE-2007-0358", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0358", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:h:hp:jetdirect_firmware:x.23.nn:*:*:*:*:*:*:*", "cpe:2.3:h:hp:jetdirect_firmware:x.20.nn:*:*:*:*:*:*:*", "cpe:2.3:h:hp:jetdirect_firmware:x.24.nn:*:*:*:*:*:*:*", "cpe:2.3:h:hp:jetdirect_firmware:x.22.nn:*:*:*:*:*:*:*", "cpe:2.3:h:hp:jetdirect_firmware:x.21.nn:*:*:*:*:*:*:*"]}]}

HP JetDirect and HP printers buffer overflow

Description

Related