[27670] in bugtraq
RE: IBM Infoprint Remote Management Simple DoS (update)
daemon@ATHENA.MIT.EDU (Toni Lassila)
Thu Oct 31 19:53:53 2002
Date: Thu, 31 Oct 2002 12:16:17 +0200
Message-ID: <6C60F1D0DCCC0F4FBDCA8F1668BE08AFCD12@fp1.tekian.net>
From: "Toni Lassila" <toni.lassila@mc-europe.com>
To: <bugtraq@securityfocus.com>

UPDATE:

It appears this vulnerability has been rectified in later versions
of the printer controller software. As it stands, printers installed
with the controller software above a certain version are NOT
vulnerable, and it appears the latest Infoprint series printers are
indeed not vulnerable. Thanks to Fredrik Björk
<Fredrik.Bjork.List@varbergenergi.se> and Onyx Thanes <wewe@personal.ro>
for information relating to non-vulnerable versions:

Confirmed vulnerable:
IBM Infoprint 21 - Controller Code Level: 1.047012

Confirmed NOT vulnerable:
IBM Infoprint 21 - Controller Code Level: 1.056007
Any newer Infoprint models

As to when IBM started releasing the printers with the non-vulnerable
software installed, well, you'd have to ask IBM for that.

> -----Original Message-----
> From: Toni Lassila
> Sent: Friday, October 25, 2002 12:19
> To: bugtraq@securityfocus.com
> Subject: IBM Infoprint Remote Management Simple DoS
>
>
> Overview
> ========
> IBM makes a series of TCP/IP enabled printers that come with remote
> management features:
>
> <http://www.printers.ibm.com/R5PSC.NSF/Web/wglaserselect>
>
> One of these features is a Telnet-based remote management
> service, which has a DoS vulnerability. The vulnerability
> discussed here was tested on an IBM Infoprint 21 (older
> model), but is probably present in other printers
> of the same product line.