Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +-++>

[ Authors ]
	FX		<fx@phenoelit.de>
	FtR 		<ftr@phenoelit.de>
	kim0 		<kim0@phenoelit.de>	
	DasIch 		<DasIch@phenoelit.de>

	Phenoelit Group	(http://www.phenoelit.de)
	Advisory	http://www.phenoelit.de/stuff/Brother_NC.txt

[ Affected Products ]
	Brother Corporation
				NC-3100h

	Brother Bug ID: 	Not assigned

[ Vendor communication ]
        06/29/02        Initial Notification
                        *Note-Initial notification by phenoelit
                        includes a cc to cert@cert.org by default
        07/19/02        Notification of intent to post public
                        in apx. 7 days.


[ Overview ]
	The Brother NC-3100h provides network connectivity for Brother 
	printers (much in the same way as the HP JetDirect card). 
	
[ Description ]
	By sending an oversized administrative password using the web-interface, 
	an attacker can cause the printer to crash.

[ Example ]
	Enter a password for the administrator that is 136 characters or more 
	and <click> the button. The printer will crash.

[ Solution ]
	None known at this time. 

[ end of file ]