Dаrren Kitchen Posted January 4, 2007 Share Posted January 4, 2007 Anyone else read this?: http://security.nnov.ru/Gnews955.html Looks like the exploit can brick some Jetdirects to where even a hard reset won't fix it. Anyone know of a fix for this if a Jetdirect had been turned into a paper-weight? Anyone have an old Jetdirect they are willing to sacrifice to test it? Quote Link to comment Share on other sites More sharing options...
Sparda Posted January 4, 2007 Share Posted January 4, 2007 The fix to to not have the FTP server enabled, or if you must have it enabled place a firewall between it and the rest of the network. Quote Link to comment Share on other sites More sharing options...
Dаrren Kitchen Posted January 4, 2007 Author Share Posted January 4, 2007 Reread the question, what I'm wondering is if the box is bricked (in other words the exploit has already be ran so it's too late for disabling FTP) how could it be unbricked if even a hard reset won't fix it? The creator alluded that it will have to be sent back to HP to be fixed, if that is the case I would think HP would take it more seriously. Quote Link to comment Share on other sites More sharing options...
Sparda Posted January 4, 2007 Share Posted January 4, 2007 Ye, the only fix for it is to send it back to HP, but prevention is always better then the fix ;) Quote Link to comment Share on other sites More sharing options...
Dаrren Kitchen Posted January 4, 2007 Author Share Posted January 4, 2007 True, and I agree that prevention is better but this seems like a big issue. There are places that let port 21 in by default, in which case someone could use a tool like IPiterator and cripple large numbers of printers on the Internet. The Pauldotcom ( http://Pauldotcom.com ) podcast pointed this flaw out to me. Jetdirects are a very common device. Quote Link to comment Share on other sites More sharing options...
cooper Posted January 4, 2007 Share Posted January 4, 2007 I'm going to try this at work next monday. I'm pretty sure we've got a few of these scattered about. I find it difficult to believe that a buffer overflow would damage the device's firmware, but if that's what's happening this really is something HP should be gravely concerned about. Quote Link to comment Share on other sites More sharing options...
killzone Posted January 4, 2007 Share Posted January 4, 2007 Cooper you have a chance to try that out yet. My employer also has a few of these and and no budget to replace them if this exploit were to happen and render them useless. I'd like to get on top of exchangeing them out if it proves true. thanks Quote Link to comment Share on other sites More sharing options...
Sparda Posted January 4, 2007 Share Posted January 4, 2007 Cooper you have a chance to try that out yet. My employer also has a few of these and and no budget to replace them if this exploit were to happen and render them useless. I'd like to get on top of exchangeing them out if it proves true. Just disable the FTP server on them. It will be a bit of work to go to each one and fumble your way threw the on screen menus, but then the exploit is unexploitable :P Quote Link to comment Share on other sites More sharing options...
killzone Posted January 4, 2007 Share Posted January 4, 2007 Thanks Sparda, I'll run that by them......and hey it may be time consumeing but if I can make it OT its worth it. Quote Link to comment Share on other sites More sharing options...
Sparda Posted January 4, 2007 Share Posted January 4, 2007 You do this through telnet: http://h20000.www2.hp.com/bizsupport/TechS...bpj06165#N101B1 Additionally: My mistake, I thought these where printers with built in print servers, not just print servers, hence why I said "on screen menu" in an earlier post. Quote Link to comment Share on other sites More sharing options...
sneaky_rupert Posted January 5, 2007 Share Posted January 5, 2007 I'm going to try this at work next monday. I'm pretty sure we've got a few of these scattered about. I find it difficult to believe that a buffer overflow would damage the device's firmware, but if that's what's happening this really is something HP should be gravely concerned about. Maybe it's configuration is getting hosed, but definitely not the firmware. That being the case, there's usually some button sequence tech support in India will gladly tell you :-) Quote Link to comment Share on other sites More sharing options...
Dаrren Kitchen Posted January 7, 2007 Author Share Posted January 7, 2007 Maybe it's configuration is getting hosed, but definitely not the firmware. That being the case, there's usually some button sequence tech support in India will gladly tell you :-) Maybe, I know from talking to others that the problem is persistent even after a hard reset. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.