AplusWebMaster

HP LaserJet network ptrs vulns/updates

3 posts in this topic

FYI...

 

HP LaserJet Printers PJL Directory Traversal vuln

- http://secunia.com/advisories/42238/

Release Date: 2010-11-16

Solution Status: Vendor Workaround ...

... The vulnerability is reported in the following products:

• HP LaserJet MFP printers (all models with Printer Job Language (PJL) support).

• HP Color LaserJet MFP printers (all models with Printer Job Language (PJL) support).

• HP LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 series...

Solution: Apply the workaround (please see the vendor's advisory for details).

Original Advisory: HPSBPI02575 SSRT090255...

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4107

Last revised: 11/19/2010

CVSS v2 Base Score: 7.8 (HIGH)

 

- http://www.securitytracker.com/id?1024741

Nov 16 2010

- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02004333

Last Updated: 2010-11-15

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Potential Security Impact: Remote unauthorized access to files ...

"... Files within the printer can be accessed using the Printer Job Language (PJL) interface to exploit a directory traversal vulnerability. The vulnerability can be avoided by either one of the following actions:

• disable file system access via the PJL interface

• set a PJL password ..."

 


Edited by AplusWebMaster


FYI...

 

- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449

Last Updated: 2011-12-23 Version: 2 (rev.2)

23 December 2011 Code signing firmware available

___

 

HP LaserJet printers - firmware access vuln

- http://www.securitytracker.com/id/1026357

CVE Reference: CVE-2011-4161

Updated: Dec 1 2011

Impact: Execution of arbitrary code via network, Root access via network

Vendor Confirmed: Yes

Description: A vulnerability was reported in some HP LaserJet Printers. A remote user can update the firmware with arbitrary code. A remote user can send a specially crafted print job or specially crafted data to TCP port 9100 on the target printer to trigger an unspecified flaw and cause the printer to upgrade its firmware with arbitrary code. Some printers do not check digital signatures on firmware upgrades...

The original advisory is available at:

http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say

Impact: A remote user can upgrade the printer's firmware with arbitrary code.

Solution: ... The vendor recommends disabling the 'Printer Firmware Update' feature as described at:

http://h71028.www7.hp.com/enterprise/downloads/HP-Imaging10.pdf

The vendor's advisory is available at:

http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03102449

Last Updated: 2011-11-30

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4161

Last revised: 12/02/2011

CVSS v2 Base Score: 10.0 (HIGH)

 

- https://secunia.com/advisories/47063/

Release Date: 2011-12-01

Criticality level: Moderately critical

Impact: Security Bypass ...

 

- https://isc.sans.edu/diary.html?storyid=12112

Last Updated: 2011-11-29 16:22:00 UTC

 

- http://h-online.com/-1387374

30 November 2011

___

 

- http://www.hp.com/hpinfo/newsroom/press/2011/111129b.html

Nov. 29, 2011 - "... Today there has been sensational and inaccurate reporting regarding a potential security vulnerability with some HP LaserJet printers. No customer has reported unauthorized access. Speculation regarding potential for devices to catch fire due to a firmware change is false. HP LaserJet printers have a hardware element called a “thermal breaker” that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability. While HP has identified a potential security vulnerability with some HP LaserJet printers, no customer has reported unauthorized access. The specific vulnerability exists for some HP LaserJet devices if placed on a public internet without a firewall. In a private network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network. In some Linux or Mac environments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade.

HP is building a firmware upgrade to mitigate this issue and will be communicating this proactively to customers and partners who may be impacted. In the meantime, HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers..."

 


Edited by AplusWebMaster


FYI...

 

HP LJ P3015 vuln - firmware update available

- http://www.securitytracker.com/id/1026488

CVE Reference: CVE-2011-4785

Date: Jan 9 2012

Impact: Disclosure of system information, Disclosure of user information

Version: LaserJet P3015; firmware prior to 07.080.3 ...

Impact: A remote user can view files on the target system.

Solution: The vendor has issued a fix (HP LaserJet P3015; firmware 07.080.3).

The vendor's advisory is available at:

http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03140700

 

Download:

> http://preview.tinyurl.com/7zn3bmg

 

- https://secunia.com/advisories/47457/

Release Date: 2012-01-09

Impact: Security Bypass

Where: From local network

Solution: Update to version 07.080.3.

Original Advisory: HPSBPI02733 SSRT100646:

http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03140700

CVE-2011-4785

... HP LaserJet P3015 with firmware prior to 07.080.3...

 


Edited by AplusWebMaster
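
An added example, not part of the original posts and not HP's own tooling: triaging a printer inventory against the three advisories quoted in this thread, using only the workarounds and the fixed version they state. The inventory columns, host names and the numeric firmware comparison are assumptions of this example, and the model list is limited to the series visible in the truncated advisory text.

```python
import csv
import io
import re

# Constructed sample inventory; the column names are hypothetical.
SAMPLE = """host,model,firmware,pjl_fs_access,pjl_password,remote_fw_update
prn-01,HP LaserJet P3015,07.050.1,off,yes,off
prn-02,HP LaserJet P3015,07.080.3,off,yes,off
prn-03,HP LaserJet 4200,unknown,on,no,on
prn-04,HP Color LaserJet MFP,unknown,on,yes,off
"""

# Series named in the quoted Secunia advisory (the list on the page is truncated).
PJL_SERIES = re.compile(r"LaserJet (4100|4200|4300|5100|8150|9000)\b")
P3015_FIXED = (7, 80, 3)  # firmware 07.080.3, per the quoted advisories


def fw_tuple(text):
    """Parse '07.080.3' into (7, 80, 3); return None if not dotted numerics.
    Comparing the fields numerically is an assumption of this example."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def triage(row):
    """Return the CVE ids from this thread that still need action for one printer."""
    findings = []
    model = row["model"]
    pjl_model = "MFP" in model or PJL_SERIES.search(model)
    # CVE-2010-4107: avoided by disabling PJL file system access OR setting a PJL password.
    if pjl_model and row["pjl_fs_access"] == "on" and row["pjl_password"] != "yes":
        findings.append("CVE-2010-4107")
    # CVE-2011-4161: the vendor recommends disabling remote firmware update.
    if "LaserJet" in model and row["remote_fw_update"] == "on":
        findings.append("CVE-2011-4161")
    # CVE-2011-4785: P3015 with firmware prior to 07.080.3; an unknown version is flagged.
    if "P3015" in model:
        fw = fw_tuple(row["firmware"])
        if fw is None or fw < P3015_FIXED:
            findings.append("CVE-2011-4785")
    return findings


def audit(text=SAMPLE):
    """Map each host in the inventory CSV to its outstanding CVE ids."""
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(text))}


if __name__ == "__main__":
    for host, cves in audit().items():
        print(host, ", ".join(cves) or "no action from these advisories")
```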
