[NEWS] Brother NC-3100h Buffer Overflow Vulnerability
From: support@securiteam.comDate: 07/29/02
- Previous message: support@securiteam.com: "[UNIX] phpBB's Gender Mod Allows Gaining Administrative Privileges"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Mon, 29 Jul 2002 07:41:02 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Brother NC-3100h Buffer Overflow Vulnerability
------------------------------------------------------------------------
SUMMARY
The Brother NC-3100h provides network connectivity for Brother printers
(much in the same way as the HP JetDirect card). By sending an oversized
administrative password using the web-interface, an attacker can cause the
printer to crash.
DETAILS
Vendor status:
06/29/02 Initial Notification *Note-Initial notification by phenoelit
includes a cc to cert@cert.org by default
07/19/02 Notification of intent to post public in approximately 7 days.
Example:
Enter a password for the administrator that is 136 characters or more and
<click> the button. The printer will crash.
ADDITIONAL INFORMATION
The information has been provided by <mailto:fx@phenoelit.de> FX,
<mailto:ftr@phenoelit.de> FtR, <mailto:kim0@phenoelit.de> kim0, and
<mailto:DasIch@phenoelit.de> DasIch.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[UNIX] phpBB's Gender Mod Allows Gaining Administrative Privileges"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
