{"id":483,"date":"2011-11-07T09:03:54","date_gmt":"2011-11-07T15:03:54","guid":{"rendered":"http:\/\/www.foofus.net\/?page_id=483"},"modified":"2011-11-07T09:03:54","modified_gmt":"2011-11-07T15:03:54","slug":"lexmark-multifunction-printer-information-exposure","status":"publish","type":"page","link":"http:\/\/h.foofus.net\/?page_id=483","title":{"rendered":"Lexmark Multifunction Printer Information Exposure"},"content":{"rendered":"<p>============================================================================<br \/>\nFoofus.net Security Advisory: foofus-20111107<br \/>\n============================================================================<br \/>\nTitle:\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Lexmark Multifunction Printer Information exposure<br \/>\nVersion:\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 X656de<br \/>\nVendor:\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0 Lexmark<br \/>\nRelease Date: \u00a0 08\/05\/2011<br \/>\n============================================================================<\/p>\n<p>1. Summary:<\/p>\n<p>The Lexmark multifunction printer was found to be vulnerable to information<br \/>\nleakage.<\/p>\n<p>============================================================================<\/p>\n<p>2. Description:<\/p>\n<p>Passwords can be extracted in plain text from the settings export file:<br \/>\nhttp:\/\/hostname-IP_Address\/cgi-bin\/exportfile\/printer\/config\/secure\/settingfile.ucf<\/p>\n<p>============================================================================<\/p>\n<p>3. Impact:<\/p>\n<p>Exploiting this allows an adversary to extract passwords that can be used to gain<br \/>\naccess to other critical systems.<\/p>\n<p>============================================================================<\/p>\n<p>4. 
Affected Products:<br \/>\nLexmark X656de multifunction printer (Firmware version LR.MN.P224a-0)<br \/>\nOther Lexmark and Dell-branded multifunction printers may also be vulnerable.<\/p>\n<p>============================================================================<\/p>\n<p>5. Solution:<\/p>\n<p>Ensure that a complex password is set on the printer.<\/p>\n<p>Upgrade firmware to release version LR.MN.P311e or newer.<\/p>\n<p>&#8220;To obtain firmware that resolves this issue, or if you have special<br \/>\ncode, please contact Lexmark\u2019s Technical Support Center to find your local<br \/>\nsupport center.&#8221;<\/p>\n<p>============================================================================<\/p>\n<p>6. Time Table:<\/p>\n<p>08\/05\/2011 Vulnerability disclosed.<br \/>\n11\/07\/2011 Advisory published.<\/p>\n<p>============================================================================<\/p>\n<p>7. Credits: Discovered by Deral Heiland PercX<\/p>\n<p>============================================================================<\/p>\n<p>8. Reference:<br \/>\nhttp:\/\/www.foofus.net\/?page_id=483<br \/>\nhttp:\/\/www.foofus.net<br \/>\nhttp:\/\/praeda.foofus.net<\/p>\n<p>============================================================================<\/p>\n<p>The Foofus.Net team is an assortment of security professionals located<br \/>\nthroughout the United States. 
http:\/\/www.foofus.net<br \/>\nFollow percX on Twitter @Percent_X<\/p>\n<p>============================================================================<\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"parent":273,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-483","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/pages\/483","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/h.foofus.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=483"}],"version-history":[{"count":0,"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/pages\/483\/revisions"}],"up":[{"embeddable":true,"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/pages\/273"}],"wp:attachment":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}