HP JetDirect J3111A Module Denial of Service
Reported November 19, 1999 by
Tobias Haustein
VERSIONS EFFECTED
  • Hewlett Packard JetDirect J3111A Module

DESCRIPTION

The HP JetDirect J3111A module with firmware G.05.35 suffers from a buffer overflow in it"s internal web server that can lead to a crash, and thus, a denial of service.

DEMONSTRATION

By entering the following URL in a Web browser, the printer prints a diagnostics page showing the contents of all registers and the following 64 bytes of all memory addresses that address registers point to.

http://my-printer"s-IP/very-long-rubbish   (256 bytes or so)

The model tests uses a M680x0 CPU with 512 KB of RAM, and writing an exploit should be fairly easy. The interesting aspect here is that most people wouldn"t expect their printer to be compromised -- and since there is no logging on the printer, you can"t easily be tracked down...

VENDOR RESPONSE

Tobias did not notify HP of this problem, however, the vendor has been made aware through other channels.

CREDITS
Discovered by
Tobias Haustein
Posted here at NTSecurity.net on November 22, 1999