[26363] in bugtraq

home help back first fref pref prev next nref lref last post

Phenoelit Advisory #0815 +-+

daemon@ATHENA.MIT.EDU (kim0)
Sat Jul 27 13:24:23 2002

Message-ID: <3D42A5D1.1040708@phenoelit.de>
Date: Sat, 27 Jul 2002 15:53:21 +0200
From: kim0 <kim0@phenoelit.de>
Reply-To: kim0@phenoelit.de
MIME-Version: 1.0
To: darklab@darklab.org, bugtraq@securityfocus.com, vuln-dev@securityfocus.com
Content-Type: multipart/mixed;
 boundary="------------030809020107040200090702"

--------------030809020107040200090702
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit


-- 
            kim0   <kim0@phenoelit.de>
        Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0  FBEF 2D72 33C0 77FC CD42

--------------030809020107040200090702
Content-Type: text/plain;
 name="HP_snmp.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="HP_snmp.txt"

Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +-+>

[ Authors ]
	FX		<fx@phenoelit.de>
	kim0 		<kim0@phenoelit.de>	

	Phenoelit Group	(http://www.phenoelit.de)
	Advisroy	http://www.phenoelit.de/stuff/HP_snmp.txt

[ Affected Products ]
	Hewlett Packard (HP)  
			Printers

	HP Bug ID:	Not assigned
	CERT Vulnerability ID:	377033

[ Vendor communication ]
        06/29/02        Initial Notification, security-alert@hp.com
                        *Note-Initial notification by phenoelit
                        includes a cc to cert@cert.org by default
        06/29/02        RBL blocked delivery to security-alert@hp.com
        06/29/02        Creation of ho-mail account and resend
                        (note, kim0 HATES ho-mail at this point)
        07/01/02        Auto-responder reply
        07/01/02        Human Contact, PGP exchange and ack.
        07/19/02        Notification of intent to post publically
                        in apx. 7 days.
	07/23/02	Coordination for release date/times

[ Overview ]
	HP Network-Enable Printers (JetDirect)
	
[ Description ]
	SNMP variable accessible by SNMP READ exposes HTTP and TELNET 
	administrative access password in HEX 
	(.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0)
	An SNMP read request to this variable will return a HEX string 
	such as	0x01 0X15 0x41 0X41, where the numbers after the second 
	byte represent the password in ASCII (in this case, the password is 'AA').

[ Example ]
	linux# snmpget <printer_ip> public .iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0

[ Solution ]
	None known at this time. 

[ end of file ]



--------------030809020107040200090702--
home help back first fref pref prev next nref lref last post