HP Printer FTP Print Server List Command Buffer Overflow Vulnerability
BID:21666
Info
| Bugtraq ID: | 21666 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 19 2006 12:00AM |
| Updated: | Dec 19 2006 07:27PM |
| Credit: | Joxean Koret is credited with the discovery of this vulnerability. |
| Vulnerable: | HP LaserJet 5100 Series; HP LaserJet 5000 Series; HP HP Photo Digital Imaging hpqxml.dll 2.0.0.133; HP FTP Print Server 2.4.5 |
| Not Vulnerable: | |
Discussion
HP Printers running FTP Print Server are prone to a buffer-overflow vulnerability. This issue occurs because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.
Exploit / POC
The following proofs of concept are available.
Solution / Fix
References
- Vendor Home Page (Hewlett-Packard)
- HP Printers FTP Server Denial Of Service (Joxean Koret)