Executive Summary

Summary
Title HP Photosmart B210 printer SMB server buffer overflow vulnerability
Informations
Name VU#840844 First vendor Publication 2015-10-21
Vendor VU-CERT Last vendor Modification 2015-10-21
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score Not Defined Attack Range Not Defined
Cvss Impact Score Not Defined Attack Complexity Not Defined
Cvss Expoit Score Not Defined Authentication Not Defined
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#840844

HP Photosmart B210 printer SMB server buffer overflow vulnerability

Original Release date: 21 Oct 2015 | Last revised: 21 Oct 2015

Overview

The HP Photosmart B210 printer utilizes an SMB server for managing the print queue. An invalid SMB packet may cause a denial of service condition, requiring the printer to be restarted.

Description

Fuzzing the first 296 bytes of an SMB packet may in some cases cause a denial of service condition on the HP Photosmart B210 printer. This is a persistent denial of service that requires the printer to be manually restarted to resume normal operations.

HP has released the following statement:

    "HP has examined this issue reported on the Photosmart B210 and has verified the printer could become unresponsive when fuzzed with the code provided. At no time did we identify buffer overflows with this tool nor our code inspection. The attempted attack produces a non-permanent denial of service.

    HP's recommendation for existing models affected by this attack is to power cycle the device to return it to a working state.

    HP continually works to improve security and is taking steps to ensure current and future products are not susceptible to this attack."

The underlying cause of the crash remains unclear.

Impact

An unauthenticated user on the same network as the printer may be able to cause a persistent denial of service, requiring the printer to be restarted to regain functionality.

Solution

The CERT/CC is currently unaware of a full solution to this problem. However, the following advice may be useful.

Power cycle the printer

HP points out that the printer will resume normal function after a power cycle.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Hewlett-Packard CompanyAffected24 Aug 201502 Oct 2015
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base6.1AV:A/AC:L/Au:N/C:N/I:N/A:C
Temporal5.8E:F/RL:U/RC:C
Environmental4.4CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • http://www.rapid7.com/db/modules/auxiliary/fuzzers/smb/smb2_negotiate_corrupt

Credit

Thanks to Avery Raaymakers for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs:Unknown
  • Date Public:21 Oct 2015
  • Date First Published:21 Oct 2015
  • Date Last Updated:21 Oct 2015
  • Document Revision:25

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/840844

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2015-10-22 00:21:19
  • First insertion