--
kim0 <kim0@phenoelit.de>
Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0 FBEF 2D72 33C0 77FC CD42
Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +-++>
[ Authors ]
FX <fx@phenoelit.de>
FtR <ftr@phenoelit.de>
kim0 <kim0@phenoelit.de>
DasIch <DasIch@phenoelit.de>
Phenoelit Group (http://www.phenoelit.de)
Advisory http://www.phenoelit.de/stuff/Brother_NC.txt
[ Affected Products ]
Brother Corporation
NC-3100h
Brother Bug ID: Not assigned
[ Vendor communication ]
06/29/02 Initial Notification
*Note-Initial notification by phenoelit
includes a cc to cert@cert.org by default
07/19/02 Notification of intent to post public
in apx. 7 days.
[ Overview ]
The Brother NC-3100h provides network connectivity for Brother
printers (much in the same way as the HP JetDirect card).
[ Description ]
By sending an oversized administrative password using the web-interface,
an attacker can cause the printer to crash.
[ Example ]
Enter a password for the administrator that is 136 characters or more
and <click> the button. The printer will crash.
[ Solution ]
None known at this time.
[ end of file ]
