[26372] in bugtraq
phenoelit advisory, Brother Printers ++/-
daemon@ATHENA.MIT.EDU (kim0)
Sun Jul 28 04:14:30 2002
Message-ID: <3D42DA60.8090008@phenoelit.de>
Date: Sat, 27 Jul 2002 19:37:36 +0200
From: kim0 <kim0@phenoelit.de>
Reply-To: kim0@phenoelit.de
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: multipart/mixed;
boundary="------------050809000202020807020006"
--------------050809000202020807020006
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
--
kim0 <kim0@phenoelit.de>
Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0 FBEF 2D72 33C0 77FC CD42
--------------050809000202020807020006
Content-Type: text/plain;
name="Brother_NC.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="Brother_NC.txt"
Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +-++>
[ Authors ]
FX <fx@phenoelit.de>
FtR <ftr@phenoelit.de>
kim0 <kim0@phenoelit.de>
DasIch <DasIch@phenoelit.de>
Phenoelit Group (http://www.phenoelit.de)
Advisory http://www.phenoelit.de/stuff/Brother_NC.txt
[ Affected Products ]
Brother Corporation
NC-3100h
Brother Bug ID: Not assigned
[ Vendor communication ]
06/29/02 Initial Notification
*Note-Initial notification by phenoelit
includes a cc to cert@cert.org by default
07/19/02 Notification of intent to post public
in apx. 7 days.
[ Overview ]
The Brother NC-3100h provides network connectivity for Brother
printers (much in the same way as the HP JetDirect card).
[ Description ]
By sending an oversized administrative password using the web-interface,
an attacker can cause the printer to crash.
[ Example ]
Enter a password for the administrator that is 136 characters or more
and <click> the button. The printer will crash.
[ Solution ]
None known at this time.
[ end of file ]
--------------050809000202020807020006--
