ID

VAR-200608-0046


CVE

CVE-2006-2113


TITLE

Fuji Xerox Printing Systems Embedded HTTP Server Multiple Vulnerabilities

Trust: 0.9

sources: BID: 19716 // CNNVD: CNNVD-200608-400

DESCRIPTION

The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server. These issues occur because the application fails to properly validate HTTP requests. An attacker can exploit these issues to bypass authentication and gain administrative access to the affected embedded application or to cause denial-of-service conditions. This may lead to other attacks.

----------------------------------------------------------------------

TITLE: Dell Color Laser Printers Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA21630

VERIFY ADVISORY: http://secunia.com/advisories/21630/

CRITICAL: Less critical

IMPACT: Security Bypass, DoS

WHERE: From local network

OPERATING SYSTEM:
Dell Color Laser Printer 5110cn http://secunia.com/product/11721/
Dell Color Laser Printer 5100cn http://secunia.com/product/11733/
Dell Color Laser Printer 3110cn http://secunia.com/product/11734/
Dell Color Laser Printer 3100cn http://secunia.com/product/11736/
Dell Color Laser Printer 3010cn http://secunia.com/product/11735/
Dell Color Laser Printer 3000cn http://secunia.com/product/11737/

DESCRIPTION: Some vulnerabilities have been reported in various Dell Color Laser Printers, which can be exploited by malicious people to bypass certain security restrictions or to cause a DoS (Denial of Service).

1) The embedded FTP server does not restrict the use of the FTP PORT command. This can be exploited to connect to arbitrary systems through the FTP server. This can be exploited to make unauthorized changes to the system configuration or to cause a DoS.

The vulnerability has been reported in Dell 5110cn, Dell 3110cn, and Dell 3010cn with firmware versions prior to A01 and in Dell 5100cn, Dell 3100cn, and Dell 3000cn with firmware versions prior to A05.

NOTE: Other products using the Fuji Xerox Printing Engine may also be affected.

SOLUTION: Apply patches.
Dell 5110cn (firmware versions prior to A01): http://ftp.us.dell.com/printer/R130538.EXE
Dell 3110cn (firmware versions prior to A01): http://ftp.us.dell.com/printer/R130356.EXE
Dell 3010cn (firmware versions prior to A01): http://ftp.us.dell.com/printer/R132075.EXE
Dell 5100cn (firmware versions prior to A05): http://ftp.us.dell.com/printer/R132718.EXE
Dell 3100cn (firmware versions prior to A05): http://ftp.us.dell.com/printer/R132079.EXE
Dell 3000cn (firmware versions prior to A05): http://ftp.us.dell.com/printer/R132368.EXE

PROVIDED AND/OR DISCOVERED BY: Nate Johnson and Sean Krulewitch, Indiana University.

ORIGINAL ADVISORY: https://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities

----------------------------------------------------------------------

Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS)[1] print engine vulnerabilities

Advisory ID: 20060824_FXPS_Print_Engine_Vulnerabilities[2]

Revisions: 08-24-2006 2350 UTC 1.0 Initial Public Release

Issues:
FTP bounce attack is possible when FTP printing is enabled (CVE-2006-2112)[3]
Embedded HTTP server allows unauthenticated access to system configuration and settings (CVE-2006-2113)[4]

Credit/acknowledgement:
CVE-2006-2112 Date of discovery: 04-11-2006
Nate Johnson, Lead Security Engineer, Indiana University
Sean Krulewitch, Deputy IT Security Officer, Indiana University
CVE-2006-2113 Date of discovery: 04-11-2006
Sean Krulewitch, Deputy IT Security Officer, Indiana University

Summary: Certain FXPS print engines contain vulnerabilities that allow a remote attacker to perform FTP bounce attacks through the FTP printing interface or allow unauthenticated access to the embedded HTTP remote user interface. This allows an attacker to cause the FTP server to make arbitrary connections to ports on another system, which can be used to bypass access controls and hide the true identity of the source of the attacker's traffic. A successful attacker would be able to reset the administrator password but would not be capable of exposing the current password.

Mitigation/workarounds: Disabling FTP printing prevents the FTP bounce attack. Disabling the embedded web server prevents the DoS/unauthorized configuration change attack. Best practice suggests that access controls and network firewall policies be put into place to only allow connections from trusted machines and networks.

Criticality: These vulnerabilities have a combined risk of moderately critical.

Footnotes:
[1] http://www.fxpsc.co.jp/en/
[2] https://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2112
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2113
[5] http://ftp.us.dell.com/printer/R130538.EXE
[6] http://ftp.us.dell.com/printer/R130356.EXE
[7] http://ftp.us.dell.com/printer/R132075.EXE
[8] http://ftp.us.dell.com/printer/R132718.EXE
[9] http://ftp.us.dell.com/printer/R132079.EXE
[10] http://ftp.us.dell.com/printer/R132368.EXE

All contents are Copyright 2006 The Trustees of Indiana University. All rights reserved.

Sean Krulewitch, Deputy IT Security Officer
IT Security Office, Office of the VP for Information Technology
Indiana University
For PGP Key or S/MIME cert: https://www.itso.iu.edu/Sean_Krulewitch

Trust: 2.25

sources: NVD: CVE-2006-2113 // JVNDB: JVNDB-2006-001008 // BID: 19716 // VULHUB: VHN-18221 // PACKETSTORM: 49519 // PACKETSTORM: 50964 // PACKETSTORM: 49473

AFFECTED PRODUCTS

vendor: dell | model: 3010cn | scope: - | version: -

Trust: 1.4

vendor: dell | model: 3100cn | scope: - | version: -

Trust: 1.4

vendor: dell | model: 3110cn | scope: - | version: -

Trust: 1.4

vendor: dell | model: 5100cn | scope: - | version: -

Trust: 1.4

vendor: dell | model: 5110cn | scope: - | version: -

Trust: 1.4

vendor: fuji xerox | model: docuprint 181 network option card | scope: eq | version: *

Trust: 1.0

vendor: fuji xerox | model: docuprint c1616 | scope: eq | version: *

Trust: 1.0

vendor: fuji xerox | model: phaser 6201j | scope: eq | version: *

Trust: 1.0

vendor: fuji xerox | model: docuprint c2535a | scope: eq | version: *

Trust: 1.0

vendor: dell | model: 5100cn | scope: eq | version: *

Trust: 1.0

vendor: fuji xerox | model: docuprint 211 | scope: eq | version: *

Trust: 1.0

vendor: fuji xerox | model: docuprint 181 | scope: eq | version: *

Trust: 1.0

vendor: dell | model: 3000cn | scope: eq | version: *

Trust: 1.0

vendor: fuji xerox | model: docuprint c830 | scope: eq | version: *

Trust: 1.0

vendor: dell | model: 3100cn | scope: eq | version: *

Trust: 1.0

vendor: dell | model: 5110cn | scope: eq | version: *

Trust: 1.0

vendor: fuji xerox | model: docuprint 211 network option card | scope: eq | version: *

Trust: 1.0

vendor: dell | model: 3010cn | scope: eq | version: *

Trust: 1.0

vendor: fuji xerox | model: printing systems print engine | scope: eq | version: *

Trust: 1.0

vendor: dell | model: 3110cn | scope: eq | version: *

Trust: 1.0

vendor: fuji xerox | model: docuprint c1616 network option card | scope: eq | version: *

Trust: 1.0

vendor: fuji xerox | model: docuprint c525a network option card | scope: eq | version: *

Trust: 1.0

vendor: fuji xerox | model: docuprint c830 network option card | scope: eq | version: *

Trust: 1.0

vendor: fuji xerox | model: docuprint c525a | scope: eq | version: *

Trust: 1.0

vendor: dell | model: 3000cn | scope: - | version: -

Trust: 0.8

vendor: fuji xerox | model: docuprint | scope: lt | version: firmware 20060628

Trust: 0.8

vendor: fuji xerox | model: docuprint | scope: lt | version: and network option card firmware 5.13

Trust: 0.8

vendor: fuji | model: xerox printing systems co. phaser 6201j | scope: eq | version: 0

Trust: 0.3

vendor: fuji | model: xerox printing systems co. fxps print engine | scope: eq | version: 0

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint c830 network option card | scope: eq | version: 0

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint c830 | scope: eq | version: 0

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint c525a network option card | scope: eq | version: 0

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint c525a | scope: eq | version: 0

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint c2535a | scope: eq | version: 0

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint c1616 network option card | scope: eq | version: 0

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint c1616 | scope: eq | version: 0

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint network option card | scope: eq | version: 2110

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint | scope: eq | version: 2110

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint network option card | scope: eq | version: 1810

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint | scope: eq | version: 1810

Trust: 0.3

vendor: dell | model: 5110cn | scope: eq | version: 0

Trust: 0.3

vendor: dell | model: 5100cn | scope: eq | version: 0

Trust: 0.3

vendor: dell | model: 3110cn | scope: eq | version: 0

Trust: 0.3

vendor: dell | model: 3100cn | scope: eq | version: 0

Trust: 0.3

vendor: dell | model: 3010cn | scope: eq | version: 0

Trust: 0.3

vendor: dell | model: 3000cn | scope: eq | version: 0

Trust: 0.3

vendor: fuji | model: xerox printing systems co. phaser 6201j | scope: ne | version: 5.13

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint c830 network option card | scope: ne | version: 5.13

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint c525a network option card | scope: ne | version: 8.17

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint c1616 network option card | scope: ne | version: 5.13

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint network option card | scope: ne | version: 2115.13

Trust: 0.3

vendor: fuji | model: xerox printing systems co. docuprint network option card | scope: ne | version: 1815.13

Trust: 0.3

vendor: dell | model: 5110cn a01 | scope: ne | version: -

Trust: 0.3

vendor: dell | model: 5100cn a05 | scope: ne | version: -

Trust: 0.3

vendor: dell | model: 3110cn a01 | scope: ne | version: -

Trust: 0.3

vendor: dell | model: 3100cn a05 | scope: ne | version: -

Trust: 0.3

vendor: dell | model: 3010cn a01 | scope: ne | version: -

Trust: 0.3

vendor: dell | model: 3000cn a05 | scope: ne | version: -

Trust: 0.3

sources: BID: 19716 // JVNDB: JVNDB-2006-001008 // CNNVD: CNNVD-200608-400 // NVD: CVE-2006-2113

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-2113
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-2113
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200608-400
value: MEDIUM

Trust: 0.6

VULHUB: VHN-18221
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-2113
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-18221
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-18221 // JVNDB: JVNDB-2006-001008 // CNNVD: CNNVD-200608-400 // NVD: CVE-2006-2113

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-18221 // JVNDB: JVNDB-2006-001008 // NVD: CVE-2006-2113

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200608-400

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200608-400

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001008

PATCH

title: Top Page | url: http://www.dell.com/

Trust: 0.8

title: Top Page | url: http://www.fxpsc.co.jp/

Trust: 0.8

sources: JVNDB: JVNDB-2006-001008

EXTERNAL IDS

db: NVD | id: CVE-2006-2113

Trust: 2.9

db: BID | id: 19716

Trust: 2.0

db: SECUNIA | id: 22463

Trust: 1.8

db: SECUNIA | id: 21630

Trust: 1.8

db: VUPEN | id: ADV-2006-3401

Trust: 1.7

db: OSVDB | id: 28250

Trust: 1.7

db: JVNDB | id: JVNDB-2006-001008

Trust: 0.8

db: CNNVD | id: CNNVD-200608-400

Trust: 0.7

db: BUGTRAQ | id: 20060825 INDIANA UNIVERSITY SECURITY ADVISORY: FUJI XEROX PRINTING SYSTEMS (FXPS) PRINT ENGINE VULNERABILITIE

Trust: 0.6

db: BUGTRAQ | id: 20060825 INDIANA UNIVERSITY SECURITY ADVISORY: FUJI XEROX PRINTING SYSTEMS (FXPS) PRINT ENGINE VULNERABILITIES

Trust: 0.6

db: VULHUB | id: VHN-18221

Trust: 0.1

db: PACKETSTORM | id: 49519

Trust: 0.1

db: PACKETSTORM | id: 50964

Trust: 0.1

db: PACKETSTORM | id: 49473

Trust: 0.1

sources: VULHUB: VHN-18221 // BID: 19716 // JVNDB: JVNDB-2006-001008 // PACKETSTORM: 49519 // PACKETSTORM: 50964 // PACKETSTORM: 49473 // CNNVD: CNNVD-200608-400 // NVD: CVE-2006-2113

REFERENCES

url:http://itso.iu.edu/20060824_fxps_print_engine_vulnerabilities

Trust: 2.3

url:http://www.securityfocus.com/bid/19716

Trust: 1.7

url:http://www.osvdb.org/28250

Trust: 1.7

url:http://secunia.com/advisories/21630

Trust: 1.7

url:http://secunia.com/advisories/22463

Trust: 1.7

url:http://www.securityfocus.com/archive/1/444321/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/3401

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=115652437223454&w=2

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2113

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2113

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/444321/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/3401

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=115652437223454&w=2

Trust: 0.6

url:http://www.fxpsc.co.jp/en/

Trust: 0.4

url:http://dell.com

Trust: 0.3

url:/archive/1/444321

Trust: 0.3

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.2

url:http://ftp.us.dell.com/printer/r132718.exe

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/advisories/21630/

Trust: 0.2

url:http://ftp.us.dell.com/printer/r130356.exe

Trust: 0.2

url:http://ftp.us.dell.com/printer/r132079.exe

Trust: 0.2

url:http://ftp.us.dell.com/printer/r132368.exe

Trust: 0.2

url:http://secunia.com/about_secunia_advisories/

Trust: 0.2

url:http://secunia.com/secunia_security_advisories/

Trust: 0.2

url:http://ftp.us.dell.com/printer/r130538.exe

Trust: 0.2

url:http://ftp.us.dell.com/printer/r132075.exe

Trust: 0.2

url:http://marc.info/?l=bugtraq&m=115652437223454&w=2

Trust: 0.1

url:http://secunia.com/product/11736/

Trust: 0.1

url:http://secunia.com/product/11721/

Trust: 0.1

url:http://secunia.com/product/11734/

Trust: 0.1

url:http://secunia.com/product/11737/

Trust: 0.1

url:http://secunia.com/product/11735/

Trust: 0.1

url:http://secunia.com/quality_assurance_analyst/

Trust: 0.1

url:http://secunia.com/web_application_security_specialist/

Trust: 0.1

url:http://secunia.com/product/11733/

Trust: 0.1

url:http://secunia.com/advisories/22463/

Trust: 0.1

url:http://secunia.com/product/12311/

Trust: 0.1

url:http://secunia.com/product/12314/

Trust: 0.1

url:http://secunia.com/product/12310/

Trust: 0.1

url:http://secunia.com/product/12313/

Trust: 0.1

url:http://secunia.com/product/12315/

Trust: 0.1

url:http://secunia.com/product/12312/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2112

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2006-2112

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2006-2113

Trust: 0.1

url:https://www.itso.iu.edu/sean_krulewitch

Trust: 0.1

sources: VULHUB: VHN-18221 // BID: 19716 // JVNDB: JVNDB-2006-001008 // PACKETSTORM: 49519 // PACKETSTORM: 50964 // PACKETSTORM: 49473 // CNNVD: CNNVD-200608-400 // NVD: CVE-2006-2113

CREDITS

Sean Krulewitch is credited with the discovery of these vulnerabilities.

Trust: 0.9

sources: BID: 19716 // CNNVD: CNNVD-200608-400

SOURCES

db: VULHUB | id: VHN-18221
db: BID | id: 19716
db: JVNDB | id: JVNDB-2006-001008
db: PACKETSTORM | id: 49519
db: PACKETSTORM | id: 50964
db: PACKETSTORM | id: 49473
db: CNNVD | id: CNNVD-200608-400
db: NVD | id: CVE-2006-2113

LAST UPDATE DATE

2024-08-14T14:08:27.400000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-18221 | date: 2018-10-18T00:00:00
db: BID | id: 19716 | date: 2006-10-13T21:49:00
db: JVNDB | id: JVNDB-2006-001008 | date: 2012-06-26T00:00:00
db: CNNVD | id: CNNVD-200608-400 | date: 2006-10-30T00:00:00
db: NVD | id: CVE-2006-2113 | date: 2018-10-18T16:38:15.100

SOURCES RELEASE DATE

db: VULHUB | id: VHN-18221 | date: 2006-08-25T00:00:00
db: BID | id: 19716 | date: 2006-08-25T00:00:00
db: JVNDB | id: JVNDB-2006-001008 | date: 2012-06-26T00:00:00
db: PACKETSTORM | id: 49519 | date: 2006-08-29T03:00:37
db: PACKETSTORM | id: 50964 | date: 2006-10-16T15:32:01
db: PACKETSTORM | id: 49473 | date: 2006-08-28T05:06:00
db: CNNVD | id: CNNVD-200608-400 | date: 2006-08-24T00:00:00
db: NVD | id: CVE-2006-2113 | date: 2006-08-25T01:04:00