It appears this vulnerability has been rectified in later versions
of the printer controller software. As it stands, printers installed
with the controller software above a certain version are NOT
vulnerable, and it appears the latest Infoprint series printers are
indeed not vulnerable. Thanks to Fredrik Björk
<Fredrik.Bjork.List (at) varbergenergi (dot) se [email concealed]> and Onyx Thanes <wewe (at) personal (dot) ro [email concealed]>
for information relating to non-vulnerable versions:

Confirmed vulnerable:
  IBM Infoprint 21 - Controller Code Level: 1.047012

Confirmed NOT vulnerable:
  IBM Infoprint 21 - Controller Code Level: 1.056007
  Any newer Infoprint models

As to when IBM started releasing the printers with the non-vulnerable
software installed, well, you'd have to ask IBM for that.
> -----Original Message-----
> From: Toni Lassila
> Sent: Friday, October 25, 2002 12:19
> To: bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: IBM Infoprint Remote Management Simple DoS
>
>
> Overview
> ========
> IBM makes a series of TCP/IP enabled printers that come with remote
> management features:
>
> <http://www.printers.ibm.com/R5PSC.NSF/Web/wglaserselect>
>
> One of these features is a Telnet-based remote management
> service, which has a DoS vulnerability. The vulnerability
> discussed here was tested on an IBM Infoprint 21 (older
> model), but is probably present in other printers
> of the same product line.