[NEWS] HP Network-Enable Printers (JetDirect) Password Exposure
From: support@securiteam.comDate: 07/28/02
- Previous message: support@securiteam.com: "[NEWS] ChaiVM Multiple Security Vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Sun, 28 Jul 2002 08:10:22 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
HP Network-Enable Printers (JetDirect) Password Exposure
------------------------------------------------------------------------
SUMMARY
HP Network Enabled printers have their SNMP variable accessible by a
simple SNMP READ. Issuing a request for a certain SNMP variable
(.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0) will exposes the HTTP and TELNET
administrative access password in HEX format.
DETAILS
Vendor status:
06/29/02 Initial Notification, security-alert@hp.com *Note-Initial
notification by phenoelit includes a cc to cert@cert.org by default
06/29/02 RBL blocked delivery to security-alert@hp.com
06/29/02 Creation of ho-mail account and retransmission of email
07/01/02 Auto-responder reply
07/01/02 Human Contact, PGP exchange and acknowledgement
07/19/02 Notification of intent to post publicly in approximately 7 days.
07/23/02 Coordination for release date/times
Example:
linux# snmpget <printer_ip> public .iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0
An SNMP read request to this variable will return a HEX string such as
0x01 0x15 0x41 0x41, where the numbers after the second byte represent the
password in ASCII (in this case, the password is 'AA').
ADDITIONAL INFORMATION
The information has been provided by <mailto:fx@phenoelit.de> FX and
<mailto:kim0@phenoelit.de> kim0.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NEWS] ChaiVM Multiple Security Vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [UNIX] Multiple Vendor "talkd" User Validation Fault
... If someone is initiating a talk request with "talksp00f" from the user ...
The information in this bulletin is provided "AS IS" without warranty of any kind. ...
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages. ... (Securiteam) - [EXPL] SLMail PASS Buffer Overflow
... The following exploit code can be used to test your SLMail ... # Discovered
by: Muts # ... The information in this bulletin is provided "AS IS" without warranty
of any kind. ... In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special damages. ... (Securiteam) - [EXPL] Xsun (Sparc) Local Exploit (RGB_DB)
... struct TREE { ... main(int argc, char *argv) ... The information
in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall
we be liable for any damages whatsoever including direct, indirect, incidental, consequential,
loss of business profits or special damages. ... (Securiteam) - [TOOL] BSD-AirTools, WEP Related Tools
... netstumbler (dstumbler) that can be used to detect wireless access points ...
of the prism2 debug modes as well as do basic analysis of the ... The information in this
bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be
liable for any damages whatsoever including direct, indirect, incidental, consequential, loss
of business profits or special damages. ... (Securiteam) - [UNIX] Posix_getpw* Ignores Safe_mode and Open_basedir Settings
... thus allowing a user to rebuild a complete ... user to know what accounts
have what privileges and what accounts have ... The information in this bulletin is provided
"AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
(Securiteam)
