HP Color LaserJet 2500/4600 Toolbox Directory Traversal Vulnerability

Bugtraq ID:	17367
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 04 2006 12:00AM
Updated:	Apr 10 2006 06:12PM
Credit:	Richard Horsman of Sec-1 is credited with the discovery of this vulnerability.
Vulnerable:	HP Color LaserJet 4600 Toolbox 0 HP Color LaserJet 2500 Toolbox 0
Not Vulnerable:

HP Color LaserJet 2500/4600 Toolbox Directory Traversal Vulnerability

The HP Color LaserJet 2500/4600 Toolbox is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.

HP Color LaserJet 2500/4600 Toolbox Directory Traversal Vulnerability


This vulnerability may be exploited with a web client.

The following proof of concept is available:

http://www.example.com:5225/../../../boot.ini

HP Color LaserJet 2500/4600 Toolbox Directory Traversal Vulnerability

Solution:
The vendor has released an update to address this issue. Contact the vendor for information on obtaining and applying the appropriate updates.


HP Color LaserJet 4600 Toolbox 0

• HP lj2500swupdate-en.exe
  ftp://ftp.hp.com

HP Color LaserJet 2500 Toolbox 0

• HP lj2500swupdate-en.exe
  ftp://ftp.hp.com

HP Color LaserJet 2500/4600 Toolbox Directory Traversal Vulnerability

References:

• HP color LaserJet 2500/4600 Software Update (HP)
  
• [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnera ("Richard Horsman" )