Hi folks!
I just played with our network printer (a HP LaserJet 4500) and --
boom -- it crashed ;-)
The HP JetDirect J3111A module with firmware G.05.35 suffers from a
buffer overflow in it's internal web server. If you enter the
following URL in your web browser
http://my-printer's-ip/very-long-rubbish(256 bytes or so)
the printer prints a diagnostics page showing the contents of all
registers and the following 64 bytes of all memory addresses that
address registers point to.
Obviously it's a M680x0 CPU with 512 KB of RAM in our model, so
writing an exploit should be fairly easy. The nice point about it is
that most people wouldn't expect their printer to be compromised --
and since there is no logging on the printer, you can't easily be
tracked down...
Ciao,
Tobias
PS: I searched the web page of HP for any e-mail-address that could be
used to inform them about bugs, but i did not find any e-mail-address
at all. The web site seems to be one-way...
--
Dipl. Inform. Tobias Haustein
Department of Computer Science IV, Aachen University of Technology
Ahornstr. 55, D-52056 Aachen
Phone +49 (241) 80-21417, Fax +49 (241) 8888-220
E-Mail [EMAIL PROTECTED]
Web http://www-i4.informatik.rwth-aachen.de/~haustein/
PGP signature
