HP FTP Printer Server Denial Of Service

[Dаrren Kitchen]

Anyone else read this?:

http://security.nnov.ru/Gnews955.html

Looks like the exploit can brick some Jetdirects to where even a hard reset won't fix it. Anyone know of a fix for this if a Jetdirect had been turned into a paper-weight? Anyone have an old Jetdirect they are willing to sacrifice to test it?

[Sparda]

The fix to to not have the FTP server enabled, or if you must have it enabled place a firewall between it and the rest of the network.

[Dаrren Kitchen]

Reread the question, what I'm wondering is if the box is bricked (in other words the exploit has already be ran so it's too late for disabling FTP) how could it be unbricked if even a hard reset won't fix it? The creator alluded that it will have to be sent back to HP to be fixed, if that is the case I would think HP would take it more seriously.

[Sparda]

Ye, the only fix for it is to send it back to HP, but prevention is always better then the fix ;)

[Dаrren Kitchen]

True, and I agree that prevention is better but this seems like a big issue. There are places that let port 21 in by default, in which case someone could use a tool like IPiterator and cripple large numbers of printers on the Internet. The Pauldotcom ( http://Pauldotcom.com ) podcast pointed this flaw out to me. Jetdirects are a very common device.

[cooper]

I'm going to try this at work next monday. I'm pretty sure we've got a few of these scattered about. I find it difficult to believe that a buffer overflow would damage the device's firmware, but if that's what's happening this really is something HP should be gravely concerned about.

[killzone]

Cooper you have a chance to try that out yet. My employer also has a few of these and and no budget to replace them if this exploit were to happen and render them useless. I'd like to get on top of exchangeing them out if it proves true.

thanks

[Sparda]

Cooper you have a chance to try that out yet. My employer also has a few of these and and no budget to replace them if this exploit were to happen and render them useless. I'd like to get on top of exchangeing them out if it proves true.

Just disable the FTP server on them. It will be a bit of work to go to each one and fumble your way threw the on screen menus, but then the exploit is unexploitable :P

[killzone]

Thanks Sparda, I'll run that by them......and hey it may be time consumeing but if I can make it OT its worth it.

[Sparda]

You do this through telnet: http://h20000.www2.hp.com/bizsupport/TechS...bpj06165#N101B1

Additionally: My mistake, I thought these where printers with built in print servers, not just print servers, hence why I said "on screen menu" in an earlier post.

[sneaky_rupert]

I'm going to try this at work next monday. I'm pretty sure we've got a few of these scattered about. I find it difficult to believe that a buffer overflow would damage the device's firmware, but if that's what's happening this really is something HP should be gravely concerned about.

Maybe it's configuration is getting hosed, but definitely not the firmware. That being the case, there's usually some button sequence tech support in India will gladly tell you :-)

[Dаrren Kitchen]

Maybe it's configuration is getting hosed, but definitely not the firmware. That being the case, there's usually some button sequence tech support in India will gladly tell you :-)

Maybe, I know from talking to others that the problem is persistent even after a hard reset.