SNMP exploit bugs HP printers

Security experts have warned that Hewlett Packard printers using the JetDirect firmware may be more at risk from the recently discovered vulnerabilities in SNMP than previously thought.

According to experts on the Bugtraq security mailing list, JetDirect machines may suffer from more damaging vulnerabilities than those outlined in a recent Computer Emergency Response Team advisory.

"Some basic testing with protocols on an internal network seems to indicate that devices with JetDirect firmware x.08.32 crash each time a single malformed SNMP packet is received," read one posting from a security watcher.

"On the hardware tested, the packet generated an 'EIO' error and required the device to be powered off to recover. Control panel input was not available," it added.

The report confirmed that the JetDirect firmware on the printer was the latest version.

The discovery is some of the first evidence of how much damage can be caused by an SNMP exploit released on an internal network. Over the last week security experts have warned that users are likely to see "a lot of attacks" using this vulnerability.

In defence against the threat, the Sans Institute last week launched an SNMP self-test tool designed to pinpoint rogue SNMP services on a network.

To get a free copy of the tool email snmptool@sans.org for information.