ID

VAR-200604-0523


CVE

CVE-2006-2108


TITLE

Oce 3121/3122 parser.exe Printer Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2006-2778

DESCRIPTION

parser.exe in Océ (OCE) 3121/3122 Printer allows remote attackers to cause a denial of service (crash or reboot) via a long request, possibly triggering a buffer overflow. The Oce 2121/3122 printer is prone to a remote denial-of-service vulnerability. This issue is due to a failure in the device to properly handle user-supplied data. An attacker can exploit this issue to crash the device, effectively denying service to legitimate users.

TITLE: Océ 3121/3122 Printer Long URL Denial of Service

SECUNIA ADVISORY ID: SA19847

VERIFY ADVISORY: http://secunia.com/advisories/19847/

CRITICAL: Less critical

IMPACT: DoS

WHERE: From local network

OPERATING SYSTEM: OCE 3121/3122 http://secunia.com/product/9606/

DESCRIPTION: Herman Groeneveld has reported a vulnerability in Océ 3121/3122 Printer, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the built-in webserver when handling user-supplied URL. This can be exploited to cause the printer to stop printing until it is restarted.

SOLUTION: Restrict access of the printer to trusted users only.

PROVIDED AND/OR DISCOVERED BY: Herman Groeneveld

ORIGINAL ADVISORY: http://milw0rm.com/exploits/1718

Trust: 1.89

sources: NVD: CVE-2006-2108 // CNVD: CNVD-2006-2778 // BID: 17715 // VULHUB: VHN-18216 // PACKETSTORM: 45764

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-2778

AFFECTED PRODUCTS

vendor: oce north america, model: 3121 printer, scope: eq, version: -

Trust: 1.6

vendor: oce north america, model: 3122 printer, scope: eq, version: -

Trust: 1.6

vendor: no, model: -, scope: -, version: -

Trust: 0.6

vendor: oce north america, model: printer, scope: eq, version: 3121/31220

Trust: 0.3

sources: CNVD: CNVD-2006-2778 // BID: 17715 // CNNVD: CNNVD-200604-550 // NVD: CVE-2006-2108

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-2108
value: HIGH

Trust: 1.0

CNVD: CNVD-2006-2778
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200604-550
value: HIGH

Trust: 0.6

VULHUB: VHN-18216
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-2108
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2006-2778
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-18216
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2006-2778 // VULHUB: VHN-18216 // CNNVD: CNNVD-200604-550 // NVD: CVE-2006-2108

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

sources: VULHUB: VHN-18216 // NVD: CVE-2006-2108

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200604-550

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200604-550

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-18216

EXTERNAL IDS

db: BID, id: 17715

Trust: 2.6

db: NVD, id: CVE-2006-2108

Trust: 2.3

db: SECUNIA, id: 19847

Trust: 1.9

db: EXPLOIT-DB, id: 1718

Trust: 1.8

db: OSVDB, id: 25000

Trust: 1.7

db: CNNVD, id: CNNVD-200604-550

Trust: 0.7

db: CNVD, id: CNVD-2006-2778

Trust: 0.6

db: VULHUB, id: VHN-18216

Trust: 0.1

db: PACKETSTORM, id: 45764

Trust: 0.1

sources: CNVD: CNVD-2006-2778 // VULHUB: VHN-18216 // BID: 17715 // PACKETSTORM: 45764 // CNNVD: CNNVD-200604-550 // NVD: CVE-2006-2108

REFERENCES

url:http://www.securityfocus.com/bid/17715

Trust: 2.9

url:https://www.exploit-db.com/exploits/1718

Trust: 1.7

url:http://www.osvdb.org/25000

Trust: 1.7

url:http://secunia.com/advisories/19847

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/26123

Trust: 1.7

url:http://www.oceusa.com/index.jsp?folder%3c%3efolder_id=1408474395186237&folder%3c%3ebrowsepath=1408474395186237&bmuid=1146153116843

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/19847/

Trust: 0.1

url:http://secunia.com/product/9606/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://milw0rm.com/exploits/1718

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2006-2778 // VULHUB: VHN-18216 // BID: 17715 // PACKETSTORM: 45764 // CNNVD: CNNVD-200604-550 // NVD: CVE-2006-2108

CREDITS

Herman Groeneveld aka sh4d0wman is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 17715 // CNNVD: CNNVD-200604-550

SOURCES

db: CNVD, id: CNVD-2006-2778
db: VULHUB, id: VHN-18216
db: BID, id: 17715
db: PACKETSTORM, id: 45764
db: CNNVD, id: CNNVD-200604-550
db: NVD, id: CVE-2006-2108

LAST UPDATE DATE

2024-08-14T15:20:06.936000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2006-2778, date: 2006-04-29T00:00:00
db: VULHUB, id: VHN-18216, date: 2020-02-10T00:00:00
db: BID, id: 17715, date: 2006-04-27T19:46:00
db: CNNVD, id: CNNVD-200604-550, date: 2020-05-26T00:00:00
db: NVD, id: CVE-2006-2108, date: 2020-02-10T21:09:08.687

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2006-2778, date: 2006-04-29T00:00:00
db: VULHUB, id: VHN-18216, date: 2006-04-29T00:00:00
db: BID, id: 17715, date: 2006-04-27T00:00:00
db: PACKETSTORM, id: 45764, date: 2006-04-27T21:57:26
db: CNNVD, id: CNNVD-200604-550, date: 2006-04-29T00:00:00
db: NVD, id: CVE-2006-2108, date: 2006-04-29T10:02:00