Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

foofus.net security advisory - Lexmark Multifunction Printer Information Leakage - percX at foofus.net

From: dh () layereddefense com
Date: Mon, 7 Nov 2011 07:26:47 -0800 (PST)
============================================================================
Foofus.net Security Advisory: foofus-20111107
============================================================================
Title:          Lexmark Multifunction Printer Information exposure
Version:        X656de
Vendor:         Lexmark 
Release Date:   08/05/2011
============================================================================

1. Summary:

Lexmark multifunction printer device found to be vulnerable to an information leakage
vulnerability.  

============================================================================

2. Description:

Passwords can be extracted in plan text from the settings export file.
http://hostname-IP_Address/cgi-bin/exportfile/printer/config/secure/settingfile.ucf

============================================================================

3. Impact:

Exploiting this allows an adversary to extract passwords that can be used to gain
access to other critical systems.

============================================================================

4. Affected Products:
Lexmark X656de multifunction printer (Kernel=FPR.APS.F184-0, Base=LR.MN.P224a-0)
Other Lexmark and Dell branded Multifunction printers may also be vulnerable


============================================================================

5. Solution:

   Insure that a complex password is set on printer.

============================================================================

6) Time Table:

08/05/2011 Vulnerability disclosed.
11/07/2011 Publishes Advisory

============================================================================

7) Credits: Discovered by Deral Heiland PercX 

============================================================================

8. Reference:
 http://www.foofus.net/?page_id=483
 http://www.foofus.net
 http://praeda.foofus.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: