lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 24 Aug 2006 19:52:02 -0400
From: "Krulewitch, Sean V" <krulewit@...edu>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Indiana University Security Advisory: Fuji Xerox
	Printing Systems (FXPS) print engine vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Indiana University Security Advisory: 
Fuji Xerox Printing Systems (FXPS)[1] print engine vulnerabilities

Advisory ID:
20060824_FXPS_Print_Engine_Vulnerabilities[2]

Revisions:
08-24-2006 2350 UTC	1.0	Initial Public Release

Issues:
FTP bounce attack is possible when FTP printing is enabled
(CVE-2006-2112)[3]

Embedded HTTP server allows unauthenticated access to system
configuration and settings (CVE-2006-2113)[4]

Credit/acknowledgement:
CVE-2006-2112
Date of discovery: 04-11-2006
Nate Johnson, Lead Security Engineer, Indiana University
Sean Krulewitch, Deputy IT Security Officer, Indiana University

CVE-2006-2113
Date of discovery: 04-11-2006
Sean Krulewitch, Deputy IT Security Officer, Indiana University

Summary:
Certain FXPS print engines contain vulnerabilities that allow a remote
attacker to perform FTP bounce attacks through the FTP printing
interface or allow unauthenticated access to the embedded HTTP remote
user interface.  The first vulnerability is due to a failure to restrict
the connections made by the FTP PORT command.  This allows an attacker
to cause the FTP server to make arbitrary connections to ports on
another system, which can be used to bypass access controls and hide the
the true identity of the source of the attacker's traffic.  The second
vulnerability is due to a failure to properly authenticate HTTP
requests.  Specially constructed HTTP requests allow an attacker to make
unauthorized changes to system configuration and settings, and can also
be used to cause a denial of service against a vulnerable print server.
A successful attacker would be able to reset the administrator password
but would not be capable of exposing the current password.

Mitigation/workarounds:
Disabling FTP printing prevents the FTP bounce attack.  Disabling the
embedded web server prevents the DoS/unauthorized configuration change
attack.  Best practice suggests that access controls and network
firewall policies be put into place to only allow connections from
trusted machines and networks.

Criticality:
These vulnerabilities have a combined risk of moderately critical.

Products affected:
Dell 5110cn, firmware versions less than A01 [5]
Dell 3110cn, firmware versions less than A01 [6]
Dell 3010cn, firmware versions less than A01 [7]
Dell 5100cn, firmware versions less than A05 [8]
Dell 3100cn, firmware versions less than A05 [9]
Dell 3000cn, firmware versions less than A05 [10]
Other OEM products using the affected FXPS print engine

Recommended steps:
Apply vendor patches and disable remote protocols that are not
necessary.  

Footnotes:
[1]	http://www.fxpsc.co.jp/en/
[2]	https://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
[3]	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2112
[4]	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2113
[5]	http://ftp.us.dell.com/printer/R130538.EXE
[6]	http://ftp.us.dell.com/printer/R130356.EXE
[7]	http://ftp.us.dell.com/printer/R132075.EXE
[8]	http://ftp.us.dell.com/printer/R132718.EXE
[9]	http://ftp.us.dell.com/printer/R132079.EXE
[10]	http://ftp.us.dell.com/printer/R132368.EXE

All contents are Copyright 2006 The Trustees of Indiana University. All
rights reserved.

- -- 
Sean Krulewitch, Deputy IT Security Officer
IT Security Office, Office of the VP for Information Technology
Indiana University
For PGP Key or S/MIME cert:  https://www.itso.iu.edu/Sean_Krulewitch

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQA/AwUBRO46FTOEdAVfeKEbEQKc+ACeNvyfI5+GXspTdx32rSxH+WHfXW8AoKPe
AJYb0WM59jddPs4cSXaZOyQq
=Y7Kv
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ