Re: Cert Advisory 2002-03 and HP JetDirect
From: Russell Fulton (R.FULTON@auckland.ac.nz)Date: 02/20/02
- Previous message: Steve VanDevender: "UPDATE: [wcolburn@nmt.edu: SMTP relay through checkpoint firewall]"
- In reply to: Information Security: "Cert Advisory 2002-03 and HP JetDirect"
- Next in thread: Joshua Newton: "Re: Cert Advisory 2002-03 and HP JetDirect"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Russell Fulton <R.FULTON@auckland.ac.nz> To: Information Security <InformationSecurity@federatedinv.com> Date: 20 Feb 2002 15:19:51 +1300
On Wed, 2002-02-20 at 04:53, Information Security wrote:
> It appears that HP JetDirect firmware is more susceptible to SNMP
> vulnerabilities than originally referenced in the CERT Advisory CA-2002-03
> (http://www.cert.org/advisories/CA-2002-03.html). Some basic testing with
> Protos on an internal network seems to indicate that devices with JetDirect
> firmware x.08.32 crash each time a single malformed SNMP packet is received.
> The HP Download Manager for JetDirect reports that the printer software is
> up-to-date.
After running the SANS tool for finding machines where snmp is active I
had a number of people say that their HP printers had
a/ hung up and required powering off or resetting
b/ spewed out garbage pages.
-- Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand
- Previous message: Steve VanDevender: "UPDATE: [wcolburn@nmt.edu: SMTP relay through checkpoint firewall]"
- In reply to: Information Security: "Cert Advisory 2002-03 and HP JetDirect"
- Next in thread: Joshua Newton: "Re: Cert Advisory 2002-03 and HP JetDirect"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
