lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 7 Jul 2003 13:11:03 +0200
From: DOUHINE Davy <DDOUHINE@...info.fr>
To: bugtraq@...urityfocus.com
Subject: Remote DoS on Canon GP300


Affected: Canon GP300 using WebSpooler v4.5.062 (fr), other versions ?
Risk: High
Remote: Yes

Description:
A simple http request can crash the whole print server.
Request is "GET /" on tcp/80
After sending "GET /" a reboot is needed to print again or to take hand on
the print server.

The web server seems to be Apache/1.0.3 (banner is returned in some
conditions).
I did not find this vulnerability for Apache/1.0.3 on securityfocus so this
banner is maybe a fake or the code has been changed.

Canon has been contacted.
They said message has been forwarded to services concerned by this
vulnerability (dev ?).
No news since.







Ce message et toutes les pièces jointes (ci-après le "message") sont établis à l'intention exclusive de ses destinataires et sont confidentiels. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation de ce message non conforme à sa destination, modification, diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse.FININFO (et ses filiales) décline(nt) toute responsabilité au titre de ce message, dans l'hypothèse ou il aurait été modifié, altéré, falsifié ou encore édité ou diffusé sans autorisation.
-----------------------------------------------------
This message and any attachments (the "message") is intended
solely for the addressees and is confidential. If you receive this 
message in error, please delete it and immediately notify the 
sender. Any use not in accord with its purpose, any dissemination 
or disclosure, either whole or partial, is prohibited except formal 
approval. Neither FININFO (nor any of its subsidiaries or affiliates) 
shall be liable for the message if modified, altered, falsified, edited 
or diffused without authorization.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ