Lexmark X656de Printer Information Leakage

Lexmark X656de Printer Information Leakage: Posted Nov 8, 2011; Authored by Deral Heiland | Site foofus.net; The Lexmark X656de multifunction printer suffers from a remote password disclosure vulnerability.; tags | exploit, remote; SHA-256 | 6f0b0ae716eef7a6fc0485b242d176d9a146bd109f1d952e0a3ecc8b624fb444; Download | Favorite | View

Lexmark X656de Printer Information Leakage

============================================================================
Foofus.net Security Advisory: foofus-20111107
============================================================================
Title:    Lexmark Multifunction Printer Information exposure
Version:  X656de
Vendor:    Lexmark 
Release Date:  08/05/2011
============================================================================

1. Summary:

Lexmark multifunction printer device found to be vulnerable to an information leakage
vulnerability.  

============================================================================

2. Description:

Passwords can be extracted in plan text from the settings export file.
http://hostname-IP_Address/cgi-bin/exportfile/printer/config/secure/settingfile.ucf

============================================================================

3. Impact:

Exploiting this allows an adversary to extract passwords that can be used to gain
access to other critical systems.

============================================================================

4. Affected Products:
Lexmark X656de multifunction printer (Kernel=FPR.APS.F184-0, Base=LR.MN.P224a-0)
Other Lexmark and Dell branded Multifunction printers may also be vulnerable


============================================================================

5. Solution:

   Insure that a complex password is set on printer.

============================================================================

6) Time Table:

08/05/2011 Vulnerability Disclosed.
11/07/2011 Publishes Advisory

============================================================================

7) Credits: Discovered by Deral Heiland PercX 

============================================================================

8. Reference:
 http://www.foofus.net/?page_id=483
 http://www.foofus.net
 http://praeda.foofus.net


============================================================================
 
The Foofus.Net team is an assortment of security professionals located 
through out the United States. http://www.foofus.net
Follow percX on Twitter @Percent_X

============================================================================

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

Lexmark X656de Printer Information Leakage

Lexmark X656de Printer Information Leakage

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Lexmark X656de Printer Information Leakage

Share This

Lexmark X656de Printer Information Leakage

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems