Re: HP Laserjet 4M Plus DirectJet Problem

Darren Reed (avalon@COOMBS.ANU.EDU.AU)
Sun, 05 Oct 1997 13:45:33 +1000

In some mail from Klaus Steding-Jessen, sie said:
[...]
> Anyone can confirm this with other printers? I think HP 5M is
> also vulnerable, but I've not tested.

They are. All the HP printers which can be configured for TCP/IP have
this `feature', I think. Actually, if you look at the print filters
installed by the JetDirect software, you'll see that they actually use
those ports to deliver documents to. Ports 9099 and 9100 would appear
to fall into the "undocumented feature" category, although they're very
easily discovered.

However, the telnet feature is a definate problem, as anyone can login
to the printer and (re)configure it.

Hmmm, if postscript allowed you to make arbitary TCP/IP connections, you'd
even be able to run a portscan (and more!) from the printer :-)

Darren