TITLE:
HP LaserJet / Digital Sender Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA33779

VERIFY ADVISORY:
http://secunia.com/advisories/33779/

CRITICAL:
Less critical

IMPACT:
Exposure of system information, Exposure of sensitive information

WHERE:
From local network

OPERATING SYSTEM:
HP Color LaserJet 4730 Series
http://secunia.com/advisories/product/21325/
HP LaserJet 4345 Series
http://secunia.com/advisories/product/21324/
HP LaserJet 9040 / 9050 Series
http://secunia.com/advisories/product/21326/
HP LaserJet 4240 / 4250 / 4340 Series
http://secunia.com/advisories/product/21330/
HP LaserJet 2410 / 2420 / 2430
http://secunia.com/advisories/product/21329/
HP Color LaserJet 9500 Series
http://secunia.com/advisories/product/21328/
HP 9200C Digital Sender
http://secunia.com/advisories/product/21327/

DESCRIPTION:
A vulnerability has been reported in HP LaserJet and Digital Sender
products, which can be exploited by malicious people to disclose
sensitive information.

The vulnerability is caused by an input validation error within the
embedded web server, which can be exploited to gain access to files
outside the web root via directory traversal attacks.

The vulnerability is reported in the following products and versions:
* HP LaserJet 2410 with firmware prior to 20080819 SPCL112A
* HP LaserJet 2420 with firmware prior to 20080819 SPCL112A
* HP LaserJet 2430 with firmware prior to 20080819 SPCL112A
* HP LaserJet 4250 with firmware prior to 20080819 SPCL015A
* HP LaserJet 4350 with firmware prior to 20080819 SPCL015A
* HP LaserJet 9040 with firmware prior to 20080819 SPCL110A
* HP LaserJet 9050 with firmware prior to 20080819 SPCL110A
* HP LaserJet 4345mfp with firmware prior to 09.120.9
* HP Color LaserJet 4730mfp with firmware prior to 46.200.9
* HP LaserJet 9040mfp with firmware prior to 08.110.9
* HP LaserJet 9050mfp with firmware prior to 08.110.9
* HP 9200C Digital Sender with firmware prior to 09.120.9
* HP Color LaserJet 9500mfp with firmware prior to 08.110.9

SOLUTION:
The vendor has issued updated firmware versions (please see the
vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY:
Shmoov and r@b13$, Digital Defense, Inc. Vulnerability Research Team

ORIGINAL ADVISORY:
HPSBPI02398 SSRT080166:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905
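
ADDED EXAMPLE (not part of the Secunia or HP advisory):
A fleet check that compares each device's reported firmware against the fixed versions listed above. The inventory rows, host names and the function names are constructed for illustration, and ordering date-coded firmware by its leading YYYYMMDD value is an assumption.

```python
import re

# First fixed firmware per model, from the advisory's product list.
_BY_FIX = {
    "20080819 SPCL112A": ("HP LaserJet 2410", "HP LaserJet 2420", "HP LaserJet 2430"),
    "20080819 SPCL015A": ("HP LaserJet 4250", "HP LaserJet 4350"),
    "20080819 SPCL110A": ("HP LaserJet 9040", "HP LaserJet 9050"),
    "09.120.9": ("HP LaserJet 4345mfp", "HP 9200C Digital Sender"),
    "46.200.9": ("HP Color LaserJet 4730mfp",),
    "08.110.9": ("HP LaserJet 9040mfp", "HP LaserJet 9050mfp", "HP Color LaserJet 9500mfp"),
}
FIXED = {model: fw for fw, models in _BY_FIX.items() for model in models}

def parse_firmware(text):
    """Return (kind, sortable value) for a datecode or dotted firmware string."""
    text = text.strip()
    m = re.fullmatch(r"(\d{8})(?:\s+\S+)?", text)
    if m:  # e.g. "20080819 SPCL112A": ordered by the YYYYMMDD datecode (assumption)
        return ("date", int(m.group(1)))
    if re.fullmatch(r"\d+(?:\.\d+)+", text):  # e.g. "09.120.9"
        return ("dotted", tuple(int(p) for p in text.split(".")))
    raise ValueError(f"unrecognised firmware string: {text!r}")

def status(model, firmware):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unknown' for one device."""
    fixed = FIXED.get(model)
    if fixed is None:
        return "not-listed"
    try:
        have, need = parse_firmware(firmware), parse_firmware(fixed)
    except ValueError:
        return "unknown"
    if have[0] != need[0]:  # different numbering scheme: do not guess
        return "unknown"
    return "vulnerable" if have[1] < need[1] else "fixed"

# Constructed inventory rows (host, model, reported firmware); not real devices.
INVENTORY = [
    ("prn-01", "HP LaserJet 2420", "20070312 SPCL100A"),
    ("prn-02", "HP LaserJet 4345mfp", "09.120.9"),
    ("prn-03", "HP Color LaserJet 4730mfp", "46.171.2"),
    ("prn-04", "HP LaserJet 9050", "08.110.9"),
]

def audit(inventory):  # (host, status) pairs for every inventory row
    return [(host, status(model, fw)) for host, model, fw in inventory]

if __name__ == "__main__":
    for host, result in audit(INVENTORY):
        print(f"{host}: {result}")
```

Rows reported as "unknown" (here a non-mfp 9050 reporting an mfp-style version) need a manual check rather than being counted as fixed.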