[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : HP Jetdirect multiple DoS

Title: HP Jetdirect multiple DoS
Released by: Vigilante
Date: 10th October 2000
Printable version: Click here
HP Jetdirect multiple DoS

Advisory Code:   VIGILANTE-2000014

Release Date:

October 10, 2000

Systems Affected:

("x" means any valid firmware letter)

- Printers with HP JetDirect Firmware x.08.04

- Printers with HP JetDirect Firmware x.08.05

- Printers with HP JetDirect Firmware x.08.20

- Likely other versions as well


The firmware in the HP JetDirect card contain multiple vulnerabilities

that can have effects ranging from the service crashing to the printer

initiating a firmware upgrade based on random garbage in the memory,

and in the last case powercycling won't fix the crash. It requires a

new firmware burn by eg. HP to restore the Jetdirect card.

The FTP service, the TELNET service and the LPD service all contain

buffer handling problems. Furthermore, the JetDirect IP implementation

contains a vulnerability that will cause the printer to crash, if a

certain malformed packet is sent to the printer. This packet can be


Vendor Status:

The vendor was contacted on the 25th of August and the vulnerabilities

were verified by them on the 7th of September.


The new firmware versions can be retrieved using the following URL:


Vendor   URL: http://www.hp.com

Product  URL: http://www.pandi.hp.com/pandi-db/home_page.show

Copyright VIGILANTe 2000-08-25


The information within this document may change without notice. Use of

this information constitutes acceptance for use in an AS IS

condition. There are NO warranties with regard to this information.

In no event shall the author be liable for any consequences whatsoever

arising out of or in connection with the use or spread of this

information. Any use of this information lays within the user's



Please send suggestions, updates, and comments to:


mailto: isis@vigilante.com


(C) 1999-2000 All rights reserved.