[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vuln-dev
Subject:    0815 ++ */ SEH_Web
From:       kim0 <kim0 () phenoelit ! de>
Date:       2002-07-27 10:05:11
[Download RAW message or body]

-- 
            kim0   <kim0@phenoelit.de>
        Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0  FBEF 2D72 33C0 77FC CD42

["SEH_Web.txt" (text/plain)]

Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +--+>

[ Authors ]
	FX		<fx@phenoelit.de>
	kim0 		<kim0@phenoelit.de>	

	Phenoelit Group	(http://www.phenoelit.de)
	Advisory	http://www.phenoelit.de/stuff/SEH_Web.txt

[ Affected Products ]
	SEH GmbH
			IC9 Pocket Print Server

	Tested on
                        SEH IC9 (Firmware 7.1.30 and 7.1.36f)

	SEH Bug ID:	Not assigned

[ Vendor communication ]
        06/29/02        Initial Notification, support@seh.de
                        *Note-Initial notification includes
                        a cc to cert@cert.org
        06/29/02        Auto-Responder reply from SEH
        07/01/02        Human ack. from SEH, denial that problem exists
                        along with new firmware version
        07/01/01        Despite fact that phenoelit is not a software 
			test-lab, we confirmed that problem exists in new 
			firmware as well and passed info to vendor
        07/19/02        Notification of intent to post publically
                        in apx. 7 days.

[ Overview ]
	The IC9 Pocket Print Server is a small pocket sized network 
	interface for printers. 
	
[ Description ]
	By sending an oversized administrative password using the 
	web-interface, an attacker can cause the print server device to reboot 
	itself (and reset the printer attached).

[ Example ]
	Enter a password for the administrator that is 300 characters or more 
	and <click> the button.

[ Solution ]
	None known at this time. 


[ end of file ]




[prev in list] [next in list] [prev in thread] [next in thread]