I have a large collection of HP LaserJet printers- 4000, 4100, 4200, 4300, 4345, M3027, 4101, 8150. Our new corporate parent is very strict on network security and they have installed an appliance from Qualys that scans the network for vulnerabilties. I have several related to our HP printers and I'm hoping someone can assist me in finding a way to mitigate these vulnerabilties, hopefully through modifying printer settings. I'm not overly technical so forgive me if I'm missing the obvious. I've upgraded to the latest firmware for most printers. I'll have a few posts similar to this one, though with different issues.
Qualys is reporting this:
- ICMP Based TCP Reset Denial of Service Vulnerability
- The target host is vulnerable to a denial of service condition. The TCP stack present on the host allows an ICMP hard-error packet to reset an established TCP connection that the packet identifies. An example ICMP hard error (defined in the IETF RFCs) is the ICMP message "fragmentation required, but Do-Not-Fragment bit is set".
- Since ICMP packets can be spoofed, attackers can exploit this issue by guessing the IP address and port numbers of a TCP connection established on the host, and then resetting these connections simply by sending an ICMP hard-error packet.
- HP has released an updated advisory HPSBUX01164 (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00576017) to address this issue. Note that I did review this and it is either above my head or it doesn't apply to printers.
Microsoft Security Bulletin MS05-019 (http://www.microsoft.com/technet/security/Bulletin/MS05-019.mspx).
Symantec has released an advisory SYM05-008 (http://securityresponse.symantec.com/avcenter/security/Content/2005.05.02.html)
Cisco has released an advisory cisco-sa-20050412-icmp (http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050412-icmp) and fixes to address these vulnerabilities.
A workaround is to block ICMP hard-error packets using a firewall.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
HPSBUX01164: HP-UX (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00576017) MS05-019: Windows (http://www.microsoft.com/technet/security/Bulletin/MS05-019.mspx) SYM05-008 (http://securityresponse.symantec.com/avcenter/security/Content/2005.05.02.html) cisco-sa-20050412-icmp (http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050412-icmp)
Can anyone offer a solution to this?
