Vulnerabilities > CVE-1999-1062 - Unspecified vulnerability in HP Jetdirect

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
hp
nessus
NVD
Published: 1997-10-04
Updated: 2017-12-19

Summary

HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100.

Vulnerable Configurations

Part Description Count
Hardware
Hp
1

Nessus

NASL familyMisc.
NASL idHP_REMOTE_PRINT.NASL
descriptionBy connecting to this port directly, a remote attacker can send Postscript directly to the remote printer, bypassing lpd and page accounting. This is a threat, because an attacker may connect to this printer, force it to print pages of garbage, and make it run out of paper. If this printer is used to print security logs, then this will be a problem.
last seen2020-06-01
modified2020-06-02
plugin id10104
published1999-06-22
reporterThis script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10104
titleHP LaserJet Direct Print Filter Bypass
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(10104);
 script_version ("1.30");
 script_cvs_date("Date: 2018/11/15 20:50:23");

 script_cve_id("CVE-1999-1062");
 
 script_name(english:"HP LaserJet Direct Print Filter Bypass");
 
 script_set_attribute(attribute:"synopsis", value:
"Print filters on the remote printer can be bypassed." );
 script_set_attribute(attribute:"description", value:
"By connecting to this port directly, a remote attacker can send
Postscript directly to the remote printer, bypassing lpd and page
accounting. 

This is a threat, because an attacker may connect to this printer,
force it to print pages of garbage, and make it run out of paper.  If
this printer is used to print security logs, then this will be a
problem." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/1997/Oct/32" );
 script_set_attribute(attribute:"solution", value:
"Filter incoming traffic to this port." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_attribute(attribute:"plugin_publication_date", value: "1999/06/22");
 script_set_attribute(attribute:"vuln_publication_date", value: "1997/10/04");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/h:hp:jetdirect");
 script_end_attributes();
 
 summary["english"] = "Checks if lpd is useless";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.");
 family["english"] = "Misc.";
 script_family(english:family["english"]);
 script_dependencie("find_service1.nasl", "passwordless_hp_printer.nasl");
 script_require_keys("devices/hp_printer");
 script_require_ports(9099);
 exit(0);
}

#
# The script code starts here
#

hp = get_kb_item("devices/hp_printer");
if(hp)
{
 if(get_port_state(9099))
 {
  soc = open_sock_tcp(9099);
  if(soc){
  	security_warning(9099);
  	close(soc);
	}
 }
 if(get_port_state(9100))
 {
  soc = open_sock_tcp(9100);
  if(soc){
  	security_warning(9100);
	close(soc);
	}
 }
}

References