Title: SEH IC9 Pocket Print Server Web Administrative Interface Password Denial Of Service Vulnerability
Severity: HIGH
Description:
IC9 is the Pocket Print Server distributed by SEH. It provides network capability to parallel port printers.
A flaw in the administration interface makes it possible to reboot a Pocket Print Server and the attached printer.
SEH Pocket Print Servers provide a web administration interface. This interface can be reached via the network to which the printer is attached, and allows users of the printer to change configuration parameters for the device.
A user accessing the web administration interface of a vulnerable device may be able to reboot the print server and the attached printer. By sending an administrative password of 300 or more bytes, a remote user can cause a crash in the print server. This results in a denial of service, as the print server and printer are unavailable during the reboot process.
This vulnerability is likely due to a memory corruption bug, and may be an exploitable buffer overflow. If this is an exploitable buffer overflow, it would be possible for a user to execute arbitrary instructions on the server with the privileges of the web administration interface.
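One way to flag such requests at a filtering proxy or in captured traffic, as an added example that is not part of the original advisory. The advisory does not say how the password is submitted, so HTTP Basic authentication and a URL-encoded form field named `password` or `passwd` are assumptions, as are the sample host and path.

```python
import base64
from urllib.parse import parse_qs

LIMIT = 300  # advisory: a password of 300 or more bytes crashes the device
FIELDS = (b"password", b"passwd")  # assumed form field names, not from the advisory


def password_lengths(raw: bytes) -> list[int]:
    """Byte length of each password candidate found in one raw HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lengths = []
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        scheme, _, token = value.strip().partition(b" ")
        if name.strip().lower() != b"authorization" or scheme.lower() != b"basic":
            continue
        try:  # Basic credentials are base64("user:password")
            decoded = base64.b64decode(token.strip(), validate=True)
        except ValueError:
            continue  # malformed header: nothing to measure
        _, sep, password = decoded.partition(b":")
        if sep:
            lengths.append(len(password))
    # URL-encoded form body; parse_qs percent-decodes, so decoded bytes are counted.
    form = parse_qs(body, keep_blank_values=True)
    for field in FIELDS:
        lengths.extend(len(v) for v in form.get(field, []))
    return lengths


def is_oversized(raw: bytes) -> bool:
    """True when any password candidate reaches the 300-byte threshold."""
    return any(n >= LIMIT for n in password_lengths(raw))


# Constructed sample requests (host, path and field name are placeholders).
def basic_request(password: bytes) -> bytes:
    cred = base64.b64encode(b"admin:" + password)
    return b"GET / HTTP/1.0\r\nHost: printer.example\r\nAuthorization: Basic " + cred + b"\r\n\r\n"


def form_request(password: bytes) -> bytes:
    return (b"POST / HTTP/1.0\r\nHost: printer.example\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n\r\npassword=" + password)


if __name__ == "__main__":
    for req in (basic_request(b"secret"), basic_request(b"A" * 300), form_request(b"A" * 300)):
        print(is_oversized(req), password_lengths(req))
```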
Affected Products:
- SEH IC9 7.1.0 .30
- SEH IC9 7.1.0 .36
References:
- Phenoelit Group: 0815 ++ */ SEH_Web