HP JetDirect Multiple DoS Vulnerabilities
BID:1775
Info
HP JetDirect Multiple DoS Vulnerabilities
| Bugtraq ID: | 1775 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2000-1062 CVE-2000-1063 CVE-2000-1064 CVE-2000-1065 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Oct 10 2000 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | Posted to Bugtraq on October 10, 2000 by Peter Grundl <[email protected]> and publicized in a VIGILANTe Security Advisory (2000014). |
| Vulnerable: |
HP JetDirect x.08.20 HP JetDirect x.08.05 HP JetDirect x.08.04 |
| Not Vulnerable: | |
Discussion
HP JetDirect Multiple DoS Vulnerabilities
The FTP, Telnet, and LPD components of HP JetDirect firmware are susceptible to multiple buffer overflow vulnerabilities. In addition, the IP implementation in JetDirect does not properly handle certain malformed packets. Depending on the vulnerability, successful exploitation could lead to a denial of service attack against the JetDirect or destruction of the firmware.
Firmware replacement is required in order to return the JetDirect card to normal operations.
It has been reported that CodeRed may exploit this vulnerability.
The FTP, Telnet, and LPD components of HP JetDirect firmware are susceptible to multiple buffer overflow vulnerabilities. In addition, the IP implementation in JetDirect does not properly handle certain malformed packets. Depending on the vulnerability, successful exploitation could lead to a denial of service attack against the JetDirect or destruction of the firmware.
Firmware replacement is required in order to return the JetDirect card to normal operations.
It has been reported that CodeRed may exploit this vulnerability.
Exploit / POC
HP JetDirect Multiple DoS Vulnerabilities
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
HP JetDirect Multiple DoS Vulnerabilities
Solution:
HP has released a new version of firmware that is not affected by these vulnerabilities:
http://www.hp.com/cposupport/networking/software/allhpjd3.exe.html
Solution:
HP has released a new version of firmware that is not affected by these vulnerabilities:
http://www.hp.com/cposupport/networking/software/allhpjd3.exe.html
References
HP JetDirect Multiple DoS Vulnerabilities
References:
References: