COMMAND

    HP printers

SYSTEMS AFFECTED

    HP 5M, 5N printers

PROBLEM

    In addition  to using  nestea2 to  crash any  HP printer, Ben from
    Cisco seem to have found a  way to crash certain HP printers  with
    a single perfectly legitimate SNMP packet.

    The potential impact  of this problem  is that within  a couple of
    seconds, someone could crash all the HP 5M and 5N printers  within
    a whole network.   Since the attack  involves just one  packet per
    network connected  printer, it  would be  very difficult  to trace
    where the attack came from.  The danger is not that a person could
    crash one printer  but rather that  a person could  severly impact
    printing in a fairly wide area.

    Every time you run Ben's program "npadmin --languages" from:

        ftp://pasta.penguincomputing.com/pub/prtools

    against a 5N printer it will  crash the mio card with a  79 error.
    A 79  error is  almost a  catch all  error message.  There are  so
    many things that it can mean, that its meaning is very indistinct.
    This has  been reproducable  with 5M  printers too.  (The 4 series
    printers as well as the HP color LaserJets don't have the  objects
    that seem to cause the problem and the 5si printers don't seem  to
    be affected.).  This problem has been reported to HP and they gave
    it a case number 1420924269.

    You can reproduce it by simply doing:

        $ snmpgetnext scv-sirloin public 43.15.1.1.2.1.5 43.15.1.1.3.1.5 \
         43.15.1.1.4.1.5 43.15.1.1.5.1.5 43.15.1.1.6.1.5 43.15.1.1.7.1.5 \
         43.15.1.1.8.1.5 43.15.1.1.9.1.5 43.15.1.1.12.1.5

    The fact that it  does not affect 5si's  suggests to Ben that  the
    problem might  be in  the way  that formatter  software passes the
    information back  to the  MIO interface.  In that  case, it  might
    require a hardware  upgrade to remedy  the problem.   This problem
    does not seem to be  mio firmware version dependent.   The printer
    that Ben  did his  initial reproduction  of the  problem on  has a
    J2552A MIO  card in  it running  firmware version  A.04.09 however
    this was also tried on printers that run A.04.08, and A.05.05  and
    they have the same problem.

SOLUTION

    In keeping with  corporate policy, HP  is very tight  lipped about
    the problem and have said nothing since problem reported to  them.
    They will  not say  anything until  they have  a patch  available.
    Those that  administer print  services for  an area  might want to
    keep an eye out for a new version of firmware from HP.