Full Disclosure mailing list archives
foofus.net security advisory - Lexmark Multifunction Printer Information Leakage - percX at foofus.net
From: dh () layereddefense com
Date: Mon, 7 Nov 2011 07:26:47 -0800 (PST)
============================================================================
Foofus.net Security Advisory: foofus-20111107
============================================================================
Title: Lexmark Multifunction Printer Information exposure
Version: X656de
Vendor: Lexmark
Release Date: 08/05/2011
============================================================================
1. Summary:
Lexmark multifunction printer device found to be vulnerable to an
information leakage vulnerability.
============================================================================
2. Description:
Passwords can be extracted in plain text from the settings export file.
http://hostname-IP_Address/cgi-bin/exportfile/printer/config/secure/settingfile.ucf
============================================================================
3. Impact:
Exploiting this allows an adversary to extract passwords that can be used
to gain access to other critical systems.
============================================================================
4. Affected Products:
Lexmark X656de multifunction printer (Kernel=FPR.APS.F184-0, Base=LR.MN.P224a-0)
Other Lexmark and Dell branded Multifunction printers may also be vulnerable
============================================================================
5. Solution:
Ensure that a complex password is set on printer.
============================================================================
6) Time Table:
08/05/2011 Vulnerability disclosed.
11/07/2011 Publishes Advisory
============================================================================
7) Credits:
Discovered by Deral Heiland PercX
============================================================================
8. Reference:
http://www.foofus.net/?page_id=483
http://www.foofus.net
http://praeda.foofus.net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
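A detection-side sketch for the export path given in section 2, added here as an example and not part of the advisory: it scans access-log lines for requests to the settings export file and grades each one. The Common Log Format input, the `admin_hosts` allowlist and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Export path named in section 2 of the advisory.
EXPORT_PATH = "/cgi-bin/exportfile/printer/config/secure/settingfile.ucf"

# Assumption: a proxy or sensor in front of the printers logs Common Log Format.
CLF = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+')


def normalize(target):
    """Reduce a request target to a comparable path.

    Drops the query string, decodes percent-escapes, lowercases and collapses
    repeated slashes. Lowercasing deliberately over-matches: a false positive
    costs less here than a missed export.
    """
    path = unquote(urlsplit(target).path).lower()
    return re.sub(r"/{2,}", "/", path)


def find_export_requests(lines, admin_hosts=frozenset()):
    """Return one finding per logged request for the settings export file."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m or normalize(m["target"]) != EXPORT_PATH:
            continue
        if m["src"] in admin_hosts:
            severity = "info"      # expected backup from a management host
        elif m["status"] == "200":
            severity = "high"      # file was served: treat stored passwords as exposed
        else:
            severity = "medium"    # request made but not served
        findings.append({"src": m["src"], "time": m["ts"],
                         "status": int(m["status"]), "severity": severity})
    return findings


# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '10.0.5.23 - - [07/Nov/2011:09:14:02 -0800] "GET /cgi-bin/exportfile/printer/config/secure/settingfile.ucf HTTP/1.1" 200 48211',
    '10.0.5.23 - - [07/Nov/2011:09:14:05 -0800] "GET /index.html HTTP/1.1" 200 9120',
    '10.0.9.77 - - [07/Nov/2011:10:02:41 -0800] "GET /cgi-bin//exportfile/printer/config/secure/SettingFile%2Eucf?x=1 HTTP/1.1" 401 512',
    '10.0.1.10 - - [07/Nov/2011:23:00:00 -0800] "GET /cgi-bin/exportfile/printer/config/secure/settingfile.ucf HTTP/1.1" 200 48211',
]

if __name__ == "__main__":
    for finding in find_export_requests(SAMPLE_LOG, admin_hosts={"10.0.1.10"}):
        print(finding)
```

A `high` finding means the export was served to a host outside the allowlist, so any credentials stored on that device should be rotated.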