HP JetDirect LCD Display Modification Vulnerability

Bugtraq ID:	2245
Class:	Design Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Dec 08 1997 12:00AM
Updated:	Dec 08 1997 12:00AM
Credit:	The code to accomplish this was released by [email protected] on december 8, 1997.
Vulnerable:	HP JetDirect J3111A rev. G.08.03 HP JetDirect J3111A rev. G.07.17 HP JetDirect J3111A rev. G.07.03 HP JetDirect J3111A rev. G.07.02 HP JetDirect J3111A rev. G.05.35 HP JetDirect J3111A rev. A.08.06 HP JetDirect x.08.20 HP JetDirect x.08.05 HP JetDirect x.08.04 HP JetDirect rev. H.08.20 HP JetDirect rev. H.08.05 HP JetDirect rev. G.08.20 HP JetDirect rev. G.08.04
Not Vulnerable:

HP JetDirect LCD Display Modification Vulnerability

Certain versions of HP JetDirect enabled printers provide a function (PJL command) that changes the LCD display on a printer over TCP/IP. Arbitrary strings can be sent to the LCD display by a remote user using this command. This represents more of a nuisance than a threat, although it is conceivable that the ability to modify the display could be used in some sort of "social engineering" scheme.

HP JetDirect LCD Display Modification Vulnerability

Exploit available:

• /data/vulnerabilities/exploits/hpdisplay.c

HP JetDirect LCD Display Modification Vulnerability

Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].