[21743] in bugtraq


RE: Two birds with one worm

daemon@ATHENA.MIT.EDU (Berger, Randy)
Fri Jul 20 17:16:33 2001

Message-ID: <914ED3FEE6D1D21187AE0000C02D97D5EE94FF@FAMAIL.TAMU.EDU>
From: "Berger, Randy" <rberger@famail.tamu.edu>
To: bugtraq@securityfocus.com
Date: Fri, 20 Jul 2001 11:27:35 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"

I can verify an issue with HP JetDirect as well.  We have two HP LaserJet
4000N printers that started doing the exact same thing yesterday: the
printer itself crashes, dumping a page of exception data from the card and
freezing with an "EIO 2 ERROR" message.  I see no information (yet) on the
HP web site regarding any connection to the Code Red Worm.  Anybody heard
anything different?

Randall Berger '91
Systems Analyst
Department of Student Financial Aid
Texas A&M University
(979) 862-1539  FAX (979) 847-9061
http://faid.tamu.edu

 -----Original Message-----
From: 	pchipman@memphis.edu [mailto:pchipman@memphis.edu] 
Sent:	Friday, July 20, 2001 2:26 AM
To:	bugtraq@securityfocus.com
Subject:	Re: Two birds with one worm

I can confirm that this worm is killing JetDirect cards. The HP 
JetDirect Card in our HP LaserJet 4000N has been steadily crashing as 
infection attempts hit it; the result is that, every ten to thirty 
minutes or so, the printer itself crashes, dumping a page of exception 
data from the card and freezing with an "EIO 2 ERROR" message. A hard 
reset of the printer is required to make it operational again.

--
Patrick Chipman
System Administrator
University of Memphis Cognitive Science Lab

----- Original Message -----
From: "Brian.J.Mauter" <maute001@bama.ua.edu>
Date: Thursday, July 19, 2001 11:10 pm
Subject: Re: Two birds with one worm.

> Hi,
> 
> Testing various other devices on my subnet, I found that my 3Com
> WirelessLAN Access Point was not affected, but my HP 4500 was because it
> has an HP Jet Direct Card in it.  I do not have conclusive evidence that
> it was Code Red, but the printer has never acted strangely before.  When I
> call the printer's webserver, I get a "Device is not attached" error along
> with "HP JetDirect [Not available:SNMPException: no response]" at the top
> of the page.  All of the admin functions fail and I cannot determine if the
> printer is even functioning.  (It's remote, or else I'd walk over to it
> and look.)
> 
> I don't know, but this may get any HP device with JetDirect.  Can anyone
> qualify that?

