[prev in list] [next in list] [prev in thread] [next in thread]
List: vuln-dev
Subject: 0815 ++ */ SEH_Web
From: kim0 <kim0 () phenoelit ! de>
Date: 2002-07-27 10:05:11
[Download RAW message or body]
--
kim0 <kim0@phenoelit.de>
Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0 FBEF 2D72 33C0 77FC CD42
["SEH_Web.txt" (text/plain)]
Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +--+>
[ Authors ]
FX <fx@phenoelit.de>
kim0 <kim0@phenoelit.de>
Phenoelit Group (http://www.phenoelit.de)
Advisory http://www.phenoelit.de/stuff/SEH_Web.txt
[ Affected Products ]
SEH GmbH
IC9 Pocket Print Server
Tested on
SEH IC9 (Firmware 7.1.30 and 7.1.36f)
SEH Bug ID: Not assigned
[ Vendor communication ]
06/29/02 Initial Notification, support@seh.de
*Note-Initial notification includes
a cc to cert@cert.org
06/29/02 Auto-Responder reply from SEH
07/01/02 Human ack. from SEH, denial that problem exists
along with new firmware version
07/01/01 Despite fact that phenoelit is not a software
test-lab, we confirmed that problem exists in new
firmware as well and passed info to vendor
07/19/02 Notification of intent to post publically
in apx. 7 days.
[ Overview ]
The IC9 Pocket Print Server is a small pocket sized network
interface for printers.
[ Description ]
By sending an oversized administrative password using the
web-interface, an attacker can cause the print server device to reboot
itself (and reset the printer attached).
[ Example ]
Enter a password for the administrator that is 300 characters or more
and <click> the button.
[ Solution ]
None known at this time.
[ end of file ]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic