HP JetDirect Invalid FTP Command DoS Vulnerability
BID:1491
Info
HP JetDirect Invalid FTP Command DoS Vulnerability
| Bugtraq ID: | 1491 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jul 19 2000 12:00AM |
| Updated: | Jul 19 2000 12:00AM |
| Credit: | Posted to BugTraq on July 19, 2000 by Peter Grundl <[email protected]> |
| Vulnerable: |
HP JetDirect J3111A rev. G.08.03 HP JetDirect J3111A rev. G.07.17 HP JetDirect J3111A rev. G.07.03 HP JetDirect J3111A rev. G.07.02 HP JetDirect J3111A rev. G.05.35 HP JetDirect J3111A rev. A.08.06 HP JetDirect rev. H.08.20 HP JetDirect rev. H.08.05 HP JetDirect rev. G.08.20 HP JetDirect rev. G.08.04 |
| Not Vulnerable: | |
Discussion
HP JetDirect Invalid FTP Command DoS Vulnerability
HP JetDirect firmware is vulnerable to a Denial of Service attack. JetDirect devices have an FTP service which fails to properly handle bad FTP commands sent with the ftp "quote" command. This causes the device to stop responding and possibly display an error message. Powering the device off and on is required to regain normal functionality.
HP JetDirect firmware is vulnerable to a Denial of Service attack. JetDirect devices have an FTP service which fails to properly handle bad FTP commands sent with the ftp "quote" command. This causes the device to stop responding and possibly display an error message. Powering the device off and on is required to regain normal functionality.
Exploit / POC
HP JetDirect Invalid FTP Command DoS Vulnerability
ftp <printer address>
quote AAAAAAAAAAA
ftp <printer address>
quote AAAAAAAAAAA