Secunia Security Advisory - A vulnerability has been reported in various Lexmark printers, which can be exploited by malicious people to cause a DoS (Denial of Service).
5cc3e8fb4acd5848c3d30804b922fa35a0201504f74df05ae544a1279dc84a0f
----------------------------------------------------------------------
Looking for a job?
Secunia is hiring skilled researchers and talented developers.
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
Lexmark Printers HTTP "Authorization" Header Denial of Service
SECUNIA ADVISORY ID:
SA39642
VERIFY ADVISORY:
http://secunia.com/advisories/39642/
DESCRIPTION:
A vulnerability has been reported in various Lexmark printers, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is caused due to an error when processing certain
HTTP "Authentication" headers. This can be exploited to e.g. crash a
vulnerable device by sending HTTP requests containing certain invalid
characters in the "Authentication" header to the device's TCP services
making use of HTTP (e.g. ports 80, 443, 8000, and 631).
Please see the vendor advisory for a list of affected products and
versions.
SOLUTION:
Please see the vendor advisory for details on how to obtain an
updated firmware or to apply a workaround.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://support.lexmark.com/index?page=content&id=TE87&locale=EN&userlocale=EN_US
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------