Lexmark Markvision Printer Driver Buffer Overflow Vulnerabilities

MarkVision is a driver software package engineered to allow UNIX systems use Lexmark Printers. It is distributed by Lexmark International. A problem in the driver software could allow elevation of privileges.

The problem occurs in the binaries included with the MarkVision package. Buffer overflows exist in the cat_network, cat_parallel, and cat_serial packages that could allow the overwriting of variables on the stack. Due to the design flaws in these programs accompanied by these programs being SUID root, it is possible for a malicious user to gain elevated privileges, and potentially administrative access on a system with these drivers installed.


 

Privacy Statement
Copyright 2010, SecurityFocus