SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Questions?
Want to learn about SecurityTracker? We've got answers to frequently asked questions right here
Sign Up!





Category:  Device (Printer)  >  Brother Print Server Vendors:  BlueFace
Brother NC-3100h Print Server Can Be Crashed By Remote Users Sending a Large Password to the Web Interface
SecurityTracker Alert ID:  1004866
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 28 2002
Impact:  Denial of service via network
Exploit Included:  Yes  
Advisory:  Phenoelit Group
Version(s): NC-3100h
Description:  A vulnerability was reported in the Brother NC-3100h print server for Brother printers. A remote user can cause the print server to crash.

It is reported that a remote user can send a large administrative password (136 characters or more) using the web-interface to cause the print server (printer) to crash.

The vendor has reportedly been notified.
Impact:  A remote user can crash the printer.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.brother.de/brother/index.cfm?pos=2&kath_id=9&artnr=26879 (Links to External Site)
Cause:  Boundary error
Reported By:  kim0 <kim0@phenoelit.de>
Message History:   None.

 Source Message Contents
Date:  Sat, 27 Jul 2002 19:37:36 +0200
From:  kim0 <kim0@phenoelit.de>
Subject:  phenoelit advisory, Brother Printers ++/-

 

--------------050809000202020807020006
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit


-- 
            kim0   <kim0@phenoelit.de>
        Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0  FBEF 2D72 33C0 77FC CD42

--------------050809000202020807020006
Content-Type: text/plain;
 name="Brother_NC.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="Brother_NC.txt"

Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +-++>

[ Authors ]
	FX		<fx@phenoelit.de>
	FtR 		<ftr@phenoelit.de>
	kim0 		<kim0@phenoelit.de>	
	DasIch 		<DasIch@phenoelit.de>

	Phenoelit Group	(http://www.phenoelit.de)
	Advisory	http://www.phenoelit.de/stuff/Brother_NC.txt

[ Affected Products ]
	Brother Corporation
				NC-3100h

	Brother Bug ID: 	Not assigned

[ Vendor communication ]
        06/29/02        Initial Notification
                        *Note-Initial notification by phenoelit
                        includes a cc to cert@cert.org by default
        07/19/02        Notification of intent to post public
                        in apx. 7 days.


[ Overview ]
	The Brother NC-3100h provides network connectivity for Brother 
	printers (much in the same way as the HP JetDirect card). 
 
[ Description ]
	By sending an oversized administrative password using the web-interface, 
	an attacker can cause the printer to crash.

[ Example ]
	Enter a password for the administrator that is 136 characters or more 
	and <click> the button. The printer will crash.

[ Solution ]
	None known at this time. 

[ end of file ]



--------------050809000202020807020006--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC