BugTraq
foofus.net security advisory - Lexmark Multifunction Printer Information Leakage Nov 07 2011 03:32PM
percx foofus net (1 replies)
============================================================================
Foofus.net Security Advisory: foofus-20111107
============================================================================
Title: Lexmark Multifunction Printer Information exposure
Version: X656de
Vendor: Lexmark
Release Date: 08/05/2011
============================================================================

1. Summary:

A Lexmark multifunction printer device was found to be vulnerable to an information
leakage vulnerability.

============================================================================

2. Description:

Passwords can be extracted in plain text from the settings export file:
http://hostname-IP_Address/cgi-bin/exportfile/printer/config/secure/settingfile.ucf

============================================================================

3. Impact:

Exploiting this allows an adversary to extract passwords that can be used to gain
access to other critical systems.

============================================================================

4. Affected Products:
Lexmark X656de multifunction printer (Kernel=FPR.APS.F184-0, Base=LR.MN.P224a-0)
Other Lexmark and Dell branded Multifunction printers may also be vulnerable

============================================================================

5. Solution:

Ensure that a complex password is set on the printer.

============================================================================

6. Time Table:

08/05/2011 Vulnerability Disclosed.
11/07/2011 Advisory Published.

============================================================================

7. Credits: Discovered by Deral Heiland PercX

============================================================================

8. Reference:
http://www.foofus.net/?page_id=483
http://www.foofus.net
http://praeda.foofus.net

============================================================================

The Foofus.Net team is an assortment of security professionals located
throughout the United States. http://www.foofus.net
Follow percX on Twitter @Percent_X

============================================================================
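
Added example, not part of the original advisory: a detection sketch that flags requests for the settings export path named in the Description in web or proxy access logs, normalizing encoded and non-canonical forms of the path first. The Common Log Format input, the sample lines and the function names are assumptions made for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote, urlsplit

# Export path quoted in the advisory's Description section.
EXPORT_PATH = "/cgi-bin/exportfile/printer/config/secure/settingfile.ucf"

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Nov/2011:15:32:01 +0000] "GET /cgi-bin/exportfile/printer/config/secure/settingfile.ucf HTTP/1.1" 200 18231',
    '198.51.100.7 - - [07/Nov/2011:15:32:05 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.44 - - [07/Nov/2011:15:40:12 +0000] "GET /cgi-bin//exportfile/printer/config/secure/%73ettingfile.ucf?x=1 HTTP/1.1" 401 0',
    '192.0.2.45 - - [07/Nov/2011:15:41:30 +0000] "GET http://192.0.2.10/CGI-BIN/exportfile/printer/./config/secure/settingfile.ucf HTTP/1.1" 200 18231',
]


def canonical_path(target):
    """Reduce a request target to a comparable path: drop scheme, host and
    query, decode percent-escapes, collapse // and dot segments, lowercase."""
    if not target.startswith("/"):  # absolute-form target, as a forward proxy logs it
        target = urlsplit(target).path
    path = unquote(target.split("?", 1)[0])
    # Lowercasing is an assumption: over-matching is acceptable for detection.
    return normpath("/" + path.lstrip("/")).lower()


def find_export_requests(lines):
    """Return (timestamp, source, status, served) for each request whose
    canonical path is the settings export file."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m or canonical_path(m["target"]) != EXPORT_PATH:
            continue
        status = int(m["status"])
        hits.append((m["ts"], m["src"], status, 200 <= status < 300))
    return hits


if __name__ == "__main__":
    for ts, src, status, served in find_export_requests(SAMPLE_LOG):
        print(f"{ts} {src} status={status} served={served}")
```

A hit with `served=True` means the file was returned to that source, so any passwords stored in the printer's settings at that time should be treated as exposed and rotated.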

Re: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage Nov 10 2011 09:04AM
Sergio Gelato (Sergio Gelato astro su se)