20060824 FXPS Print Engine Vulnerabilities
Indiana University Security Advisory:
Fuji Xerox Printing Systems (FXPS) print engine vulnerabilities
Advisory ID:
20060824_FXPS_Print_Engine_Vulnerabilities
Advisory revisions:
- 08-24-2006 2350 UTC 1.0 Initial Public Release
- 09-11-2006 1330 UTC 1.1 Added Dell KB entry to references section
- 10-13-2006 1525 UTC 1.2 Added additional products affected
Issues:
FTP bounce attack is possible when FTP printing is enabled (CVE-2006-2112)
Embedded HTTP server allows unauthenticated access to system configuration and settings (CVE-2006-2113)
Credit/acknowledgement:
CVE-2006-2112
- Date of discovery: 04-11-2006
- Nate Johnson, Lead Security Engineer, Indiana University
- Sean Krulewitch, Deputy IT Security Officer, Indiana University
CVE-2006-2113
- Date of discovery: 04-11-2006
- Sean Krulewitch, Deputy IT Security Officer, Indiana University
Summary:
Certain FXPS print engines contain vulnerabilities that allow a remote attacker to perform FTP bounce attacks through the FTP printing interface or allow unauthenticated access to the embedded HTTP remote user interface. The first vulnerability is due to a failure to restrict the connections made by the FTP PORT command. This allows an attacker to cause the FTP server to make arbitrary connections to ports on another system, which can be used to bypass access controls and hide the true identity of the source of the attacker's traffic. The second
vulnerability is due to a failure to properly authenticate HTTP
requests. Specially constructed HTTP requests allow an attacker to make unauthorized changes to system configuration and settings, and can also be used to cause a denial of service against a vulnerable print server. A successful attacker would be able to reset the administrator password but would not be capable of exposing the current password.
Mitigation/workarounds:
Disabling FTP printing prevents the FTP bounce attack. Disabling the embedded web server prevents the DoS/unauthorized configuration change attack. Best practice suggests that access controls and network firewall policies be put into place to only allow connections from trusted machines and networks.
Criticality:
These vulnerabilities have a combined risk of moderately critical.
Products affected:
- Dell 5110cn, firmware versions less than A01
- Dell 3110cn, firmware versions less than A01
- Dell 3010cn, firmware versions less than A01
- Dell 5100cn, firmware versions less than A05
- Dell 3100cn, firmware versions less than A05
- Dell 3000cn, firmware versions less than A05
- Fuji Xerox DocuPrint 181, firmware less than 20060628
- Fuji Xerox DocuPrint 181 Network Option Card, firmware less than 5.13
- Fuji Xerox DocuPrint 211, firmware less than 20060628
- Fuji Xerox DocuPrint 211 Network Option Card, firmware less than 5.13
- Fuji Xerox DocuPrint C525A, firmware less than 200606141519
- Fuji Xerox DocuPrint C525A Network Option Card, firmware less than 8.17
- Fuji Xerox DocuPrint C830, firmware less than 20060628
- Fuji Xerox DocuPrint C830 Network Option Card, firmware less than 5.13
- Fuji Xerox DocuPrint C1616, firmware less than 20060628
- Fuji Xerox DocuPrint C1616 Network Option Card, firmware less than 5.13
- Fuji Xerox Phaser 6201J firmware less than 5.13
- Fuji Xerox DocuPrint C2535A
- Other OEM products using the affected FXPS print engine
Recommended steps:
Apply vendor patches and disable remote protocols that are not necessary.
References:
