|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: kim0 (kim0_at_phenoelit.de)
Date: Sat Jul 27 2002 - 05:05:11 CDT
--
kim0 <kim0
phenoelit.de>
Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0 FBEF 2D72 33C0 77FC CD42
Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +--+>
[ Authors ]
FX <fxphenoelit.de>
kim0 <kim0phenoelit.de>
Phenoelit Group (http://www.phenoelit.de) Advisory http://www.phenoelit.de/stuff/SEH_Web.txt
[ Affected Products ] SEH GmbH IC9 Pocket Print Server
Tested on SEH IC9 (Firmware 7.1.30 and 7.1.36f)
SEH Bug ID: Not assigned
[ Vendor communication ]
06/29/02 Initial Notification, supportseh.de
*Note-Initial notification includes
a cc to certcert.org
06/29/02 Auto-Responder reply from SEH
07/01/02 Human ack. from SEH, denial that problem exists
along with new firmware version
07/01/01 Despite fact that phenoelit is not a software
test-lab, we confirmed that problem exists in new
firmware as well and passed info to vendor
07/19/02 Notification of intent to post publically
in apx. 7 days.
[ Overview ] The IC9 Pocket Print Server is a small pocket sized network interface for printers. [ Description ] By sending an oversized administrative password using the web-interface, an attacker can cause the print server device to reboot itself (and reset the printer attached).
[ Example ] Enter a password for the administrator that is 300 characters or more and <click> the button.
[ Solution ] None known at this time.
[ end of file ]
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]