SecuriTeam - HP Printers and HP Digital Senders Unauthorized Access to Files

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

A potential security vulnerability has been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerability could be exploited remotely to gain unauthorized access to files.

Credit:
The information has been provided by HP Software Security Response Team.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* HP LaserJet 2410 with firmware prior to 20080819 SPCL112A
* HP LaserJet 2420 with firmware prior to 20080819 SPCL112A
* HP LaserJet 2430 with firmware prior to 20080819 SPCL112A
* HP LaserJet 4250 with firmware prior to 20090323 SPCL014A
* HP LaserJet 4350 with firmware prior to 20090323 SPCL014A
* HP LaserJet 5200 with firmware prior to 20090305 SPCL0601A
* HP LaserJet 9040 with firmware prior to 20080819 SPCL110A
* HP LaserJet 9050 with firmware prior to 20080819 SPCL110A
* HP LaserJet 4345mfp with firmware prior to 09.120.9
* HP Color LaserJet 4730mfp with firmware prior to 46.200.9
* HP LaserJet 9040mfp with firmware prior to 08.110.9
* HP LaserJet 9050mfp with firmware prior to 08.110.9
* HP 9200C Digital Sender with firmware prior to 09.120.9
* HP Color LaserJet 9500mfp with firmware prior to 08.110.9

Immune Systems:
Resolved in Firmware version:
* HP LaserJet 4345mfp 09.120.9 or subsequent
* HP Color LaserJet 4730mfp 46.200.9 or subsequent
* HP LaserJet 9040mfp 08.110.9 or subsequent
* HP LaserJet 9050mfp 08.110.9 or subsequent
* HP 9200C Digital Sender 09.120.9 or subsequent
* HP Color LaserJet 9500mfp 08.110.9 or subsequent

Resolved in Preliminary Firmware Version
* HP LaserJet 2410 20080819 SPCL112A
* HP LaserJet 2420 20080819 SPCL112A
* HP LaserJet 2430 20080819 SPCL112A
* HP LaserJet 4250 20090323 SPCL014A
* HP LaserJet 4350 20090323 SPCL014A
* HP LaserJet 5200 20090305 SPCL0601A
* HP LaserJet 9040 20080819 SPCL110A
* HP LaserJet 9050 20080819 SPCL110A

CVE Information:
CVE-2008-4419

Disclosure Timeline:
Release Date: 2009-02-04
Last Updated: 2009-05-20

	Real Networks RealPlayer Compressed GIF Handling Integer Overflow
	RealNetworks RealPlayer CMediumBlockAllocator Integer Overflow Vulnerability
	SugarCRM Online Document Cross-Site Scripting (XSS) Vulnerability
	Skype URI Processing Arbitrary XML File Deletion Vulnerability
	Skype Protocol Handler Datapath Argument Injection Credential Disclosure Vulnerability
	LedgerSMB Multiple Vulnerabilities
	Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability
	Piwik Cookie Unserialize Vulnerability
	Invision Power Board SQL PHP File Inclusion and SQL Injection
	U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) Vulnerability
	DevIL DICOM Buffer Overflow Vulnerability
	Marvell Driver Multiple Information Element Overflows
	HP Data Protector Express and Single Server Edition (SSE) DoS and Code Execution
	HP Color LaserJet Printers Unauthorized Access to Data and DoS
	KDE KDELibs Remote Array Overrun with Arbitrary Code Execution