Mystery of crashing HP printers solved - Telnet password not set
A DoS vulnerability with the installation and management software used on HP's line of commercial print servers has been reported. The potential flaw, which HP has not so far publically acknowledged, is interesting not because it is particularly devasatating (it isn't) but because it may explain problems our readers are having with printers of late. According to a posting on security mailing list BugTraq, HP JetDirect devices configured using the JetAdmin web interface fail to set a password for Telnet access when the administrator password is chosen.
Because of this the Telnet port of a printer will be left exposed to unrestricted remote access. This means (at least in theory) that hackers could create a denial of service. The potential also exists to monitor printer activity, and this might be used to gather information to use in subsequent attacks on systems, according to the posting....
Mystery of crashing HP printers solved?
By John Leyden
Hewlett-Packard hasn't issued a response to the report, so we can't be certain there's a genuine problem. That said we give a lot of credence to the alert because it goes a long way to explain a number of emails we've had of late complaining of unexplained crashes on HP printers.