[12695] in bugtraq


Printer Vulnerabilities (Tektronix and JetDirect)

daemon@ATHENA.MIT.EDU (Elias Levy)
Tue Nov 23 12:30:13 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <19991123092357.Q4054@securityfocus.com>
Date:         Tue, 23 Nov 1999 09:23:57 -0800
Reply-To: aleph1@SECURITYFOCUS.COM
From: Elias Levy <aleph1@SECURITYFOCUS.COM>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

I am summarizing a number of replies to the printer vulnerability
threads.

Tektronix:

Vulnerable:

Phaser 360 - Wyman Eric Miles <wymanm@is.rice.edu>
Phaser 840 - HC Security <securit@online.no>
Phaser 780 - "Tim Adams" <TAdams@iwpsd.org>

Not Vulnerable:

Phaser 360 - HC Security <securit@online.no>


HP JetDirect overflow:

Not Vulnerable:

Firmware Revision G.07.17 - Jens Hektor <hektor@rz.rwth-aachen.de>

Vulnerable:

JetDirect 300x print server J3263A firmware H.06.00 - olivier Schott <ost@INTRINsec.com>

To disable port 80 use the command:

ews-config: 0

From David Foster <foster@dim.ucsd.edu>:

If you are using bootp/tftp to configure your printers, you can specify an allowed IP range in /tftpboot/<printer-name>.cfg, like:

        xxx.yyy.zzz.0  255.255.255.0


--
Elias Levy
Security Focus
http://www.securityfocus.com/
