Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Network Appliances :: hplj7.htm

Code Red can crash HP JetDirect printers



COMMAND

    HP JetDirect printers

SYSTEMS AFFECTED

    HP JetDirect printers

PROBLEM

    Joe Klemencic posted following.  It seems that a byproduct of  the
    Code Red  scans is  also causing  woes to  HP JetDIrect  printers,
    causing them to  print some diagnostics  pages, then dropping  off
    the network.  This  is not from the  actual Code Red .ida  exploit
    code or the shellcode, but from  the NOPs instead.  If you  send a
    HP JetDirect >4096 characters to  the HTTP port, you will  get the
    same results as when the Code Red worm hits it.

    Joe  has  tested  against  some  HP  JetDirect printers at various
    firmware releases, and am  unable to reproduce it  after upgrading
    the printers to firmware g08.32.

    After upgrading, he has attempted to send all types of  characters
    and hex code up to 100000  characters at a time and was  unable to
    reproduce.

    Vulnerability test:

        1) Perform a continuous ping to the HP JetDirect Printer
        2) Execute the overflow:
           perl -e 'print "\x90"x4097;'|telnet <HP JetDirect Printer> 80
           -OR-
           perl -e 'print "<any character>"x4097;'|telnet <HP JetDirect Printer> 80
        3) The  ping  should  time  out  and the printer should  print
           diagnostic pages
        4) To recover, power-cycle the printer, then flash the firmware

SOLUTION

    Anything  that  can  be  flashed  up  to  version g08.32 should no
    longer be vulnerable.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH