UPDATE: It appears this vulnerability has been rectified in later versions of the printer controller software. As it stands, printers installed with the controller software above a certain version are NOT vulnerable, and it appears the latest Infoprint series printers are indeed not vulnerable. Thanks to Fredrik Björk <Fredrik.Bjork.List@varbergenergi.se> and Onyx Thanes <wewe@personal.ro> for information relating to non-vulnerable versions: Confirmed vulnerable: IBM Infoprint 21 - Controller Code Level: 1.047012 Confirmed NOT vulnerable: IBM Infoprint 21 - Controller Code Level: 1.056007 Any newer Infoprint models As to when IBM started releasing the printers with the non-vulnerable software installed, well, you'd have to ask IBM for that. > -----Original Message----- > From: Toni Lassila > Sent: Friday, October 25, 2002 12:19 > To: bugtraq@securityfocus.com > Subject: IBM Infoprint Remote Management Simple DoS > > > Overview > ======== > IBM makes a series of TCP/IP enabled printers that come with remote > management features: > > <http://www.printers.ibm.com/R5PSC.NSF/Web/wglaserselect> > > One of these features is a Telnet-based remote management > service, which has a DoS vulnerability. The vulnerability > discussed here was tested on an IBM Infoprint 21 (older > model), but is probably present in other printers > of the same product line.
