Message-ID: <1320679607.82851.YahooMailClassic@web2802.biz.mail.ne1.yahoo.com>
Date: Mon, 7 Nov 2011 07:26:47 -0800 (PST)
From: dh@...ereddefense.com
To: full-disclosure@...ts.grok.org.uk
Subject: foofus.net security advisory - Lexmark
	Multifunction Printer Information Leakage - percX at foofus.net

============================================================================
Foofus.net Security Advisory: foofus-20111107
============================================================================
Title:		Lexmark Multifunction Printer Information exposure
Version:	X656de
Vendor:		Lexmark 
Release Date:	08/05/2011
============================================================================

1. Summary:

A Lexmark multifunction printer device was found to be vulnerable to an information
leakage vulnerability.

============================================================================

2. Description:

Passwords can be extracted in plain text from the settings export file:
http://hostname-IP_Address/cgi-bin/exportfile/printer/config/secure/settingfile.ucf

============================================================================

3. Impact:

Exploiting this allows an adversary to extract passwords that can be used to gain
access to other critical systems.

============================================================================

4. Affected Products:
Lexmark X656de multifunction printer (Kernel=FPR.APS.F184-0, Base=LR.MN.P224a-0)
Other Lexmark and Dell branded Multifunction printers may also be vulnerable


============================================================================

5. Solution:

   Ensure that a complex password is set on the printer.

============================================================================

6. Time Table:

08/05/2011 Vulnerability disclosed.
11/07/2011 Advisory published.

============================================================================

7. Credits: Discovered by Deral Heiland PercX

============================================================================

8. Reference:
 http://www.foofus.net/?page_id=483
 http://www.foofus.net
 http://praeda.foofus.net
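
Added example (not part of the original advisory): a detection check that scans HTTP access logs from a proxy or network sensor in front of printers for requests to the settings export path named in the Description. The Common Log Format layout, the sample log lines and addresses, and the case-insensitive path matching are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Export path taken from the advisory's Description section.
EXPORT_PATH = "/cgi-bin/exportfile/printer/config/secure/settingfile.ucf"

# Common Log Format: client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize(target):
    """Reduce a request target to a comparable, lower-cased path."""
    target = re.sub(r"^[a-z]+://[^/]*", "", target, flags=re.I)  # absolute-URI form
    path = target.split("?", 1)[0]       # drop the query string
    path = unquote(path)                 # decode percent-escapes
    path = re.sub(r"/+", "/", path)      # collapse repeated slashes
    return path.lower()                  # assumption: match case-insensitively

def find_export_requests(lines):
    """Return one record per request for the settings export file."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and normalize(m["target"]) == EXPORT_PATH:
            hits.append({
                "client": m["client"],
                "time": m["time"],
                "status": int(m["status"]),
                # A 200 means the file, and the passwords in it, was served.
                "exported": m["status"] == "200",
            })
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Nov/2011:07:30:01 -0800] "GET /cgi-bin/exportfile/printer/config/secure/settingfile.ucf HTTP/1.1" 200 48211',
    '192.0.2.10 - - [07/Nov/2011:07:30:05 -0800] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.7 - - [07/Nov/2011:07:31:12 -0800] "GET /cgi-bin//exportfile/printer/config/secure/settingfile%2Eucf?x=1 HTTP/1.1" 401 0',
    '192.0.2.44 - - [07/Nov/2011:07:32:40 -0800] "GET /status.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in find_export_requests(SAMPLE_LOG):
        print(hit)
```

Any hit with "exported" set to True means the passwords stored on that printer should be treated as disclosed and rotated on the systems that use them.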
