Lexmark Security Advisory:
Revision: 1.1 Last update: 21 July 2014 Public Release Date: 28 July 2014
Summary
Multiple OpenSSL vulnerabilities
Recently announced vulnerabilities in OpenSSL allow for possible attacks against the SSL & TLS protocols. These vulnerabilities affect multiple Lexmark products.
This advisory will be updated as additional information becomes available.
References
CVE:
- CVE-2014-0224 SSL/TLS MITM vulnerability
- CVE-2014-0221 DTLS recursion flaw
- CVE-2014-0195 DLTS invalid fragment vulnerability
- CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
- CVE-2010-5298 SSL_MODE_RELEASE_BUFFERS session injection of denial of service
- CVE-2014-3470 ECDH denial of service
- CVE-2014-0076 ECDSA NONCE side channel attack
Details
On June 5, 2014 the OpenSSL Project released a security advisory detailing multiple vulnerabilities. These vulnerabilities include:
CVE-2014-0224 SSL/TLS MITM vulnerability
A remote attacker with the ability to intercept and inject traffic between a vulnerable client and server could successfully force the SSL/TLS protocols to use a known session key, thus rendering the content of those communications vulnerable to interception and modification.
CVSS Base Score: 6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) Impact Subscore: 6.4 Exploitability Subscore: 8.6
CVE-2014-0221 DTLS recursion flaw
Sending an invalid DTLS handshake can cause a crash leading to a denial of service attack.
NOTE: No Lexmark products support the DTLS protocol; therefore no Lexmark products are vulnerable to this issue.
CVE-2014-0195 DLTS invalid fragment vulnerability
A buffer overrun can be triggered by sending an invalid DTLS fragment.
NOTE: No Lexmark products support the DTLS protocol; therefore no Lexmark products are vulnerable to this issue.
CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
A remote attacker could send a specially crafted packet that would trigger a crash leading to a denial of service attack.
CVSS Base Score: 4.3 (AV:N/AC:M/AU:N/C:N/I:N/A:P) Impact Subscore: 2.9 Exploitability Subscore: 8.6
CVE-2010-5298 SSL_MODE_RELEASE_BUFFERS session injection of denial of service
A remote attacker could send a specially crafted packet that would trigger a crash leading to a denial of service attack.
CVSS Base Score: 4.0 (AV:N/AC:H/AU:N/C:N/I:P/A:P) Impact Subscore: 4.9 Exploitability Subscore: 4.9
CVE-2014-3470 ECDH denial of service
A remote attacker could trigger a crash leading to a denial of service attack.
CVSS Base Score: 4.3 (AV:N/AC:M/AU:N/C:N/I:N/A:P) Impact Subscore: 2.9 Exploitability Subscore: 8.6
CVE-2014-0076 ECDSA NONCE side channel attack
ECDSA nonce is vulnerable to a timing based side channel attack.
CVSS Base Score: 4.3 (AV:N/AC:M/AU:N/C:PI:N/A:N) Impact Subscore: 2.9 Exploitability Subscore: 8.6
CVSS scores are calculated in accordance with CVSS version 2.0 (http://www.first.org/cvss/cvss-guide.html).
Impact
The impact of this vulnerability varies depending on the affected product.
Unaffected Products
The following products have been investigated and are not affected by this vulnerability:
Affected Products
The following products are known to be affected, for specific details see “Product Specific Information” below.
- Lexmark printer products
- Perceptive Content: ImageNow
- Perceptive Search
- Perceptive Process
- Lexmark Document Distributor
- Lexmark Print Management, On-Premise
- Lexmark Fleet Manager
- Cloud Configuration Services
Product Specific Information
Lexmark is individually assessing each product and will update this advisory as more information becomes available.
Laser printer products
The following printers and MFPs are affected:
To determine the level of firmware a device is running, from the control panel select Menu > Reports > Menu Settings Page. If the firmware is listed under “Affected Releases”, update to a “Fixed Release”.
Lexmark Models | Affected Releases | Fixed Releases |
2012 Models | | |
CS310 | LW40.VYL.P449 and previous | LW40.VYL.P450 and later |
CS410 | LW40.VY2.P449 and previous | LW40.VY2.P450 and later |
CS510 | LW40.VY4.P449 and previous | LW40.VY4.P450 and later |
CX310 | LW40.GM2.P449 and previous | LW40.GM2.P450 and later |
CX410 | LW40.GM4.P449 and previous | LW40.GM4.P450 and later |
CX510 & XC2132 | LW40.GM7.P449 and previous | LW40.GM7.P450 and later |
MS310 & MS410 | LW40.PRL.P449 and previous | LW40.PRL.P450 and later |
MS510, MS610dn, MS610dtn, M1145 & M3150dn | LW40.PR2.P449 and previous | LW40.PR2.P450 and later |
MS610de, MS610dte & M3150 | LW40.PR4.P449 and previous | LW40.PR4.P450 and later |
MS71x, MS810n, MS810dn, MS810dtn, MS811, MS812dn, MS812dtn & M5163dn | LW40.DN2.P449 and previous | LW40.DN2.P450 and later |
MS810de, M5155 & M5163 | LW40.DN4.P449 and previous | LW40.DN4.P450 and later |
MS812de & M5170 | LW40.DN7.P449 and previous | LW40.DN7.P450 and later |
MX310 | LW40.SB2.P449 and previous | LW40.SB2.P450 and later |
MX410, MX510, MX511 & XM1145 | LW40.SB4.P449 and previous | LW40.SB4.P450 and later |
MX610, MX611 & XM3150 | LW40.SB7.P449 and previous | LW40.SB7.P450 and later |
MX71x, MX81x, XM51xx & XM71xx | LW40.TU.P449 and previous | LW40.TU.P450 and later |
MX6500e | LF40.JD.P449 and previous | Contact Lexmark Technical Support. |
MS911de | LW40.SA.P448 and previous | LW40.SA.P450 and later |
MX91x | LW40.MG.P449 and previous | LW40.MG.P450 and later |
2010 Models | | |
X548 & XS548 | LHS30.VK.P345and previous | LHS30.VK.P346 and later |
X792 & XS796 | LHS30.MR.P345 and previous | LHS30.MR.P346 and later |
X925 & XS925 | LHS30.HK.P345 and previous | LHS30.HK.P346 and later |
X950, X952, X954 & XS955 | LHS30.TQ.P345 and previous | LHS30.TQ.P346 and later |
6500e | LHS30.JR.P345 and previous | LHS30.JR.P346 and later |
2008 Models | | |
E260 E360d | LL.LBL.P539 and previous | Contact Lexmark Technical Support. |
E360dn | LL.LBM.P539 and previous | Contact Lexmark Technical Support. |
E460 & E462 | LR.LBH.P672 and previous | Contact Lexmark Technical Support. |
T650 T652 T654 | LR.JP.P677 and previous | Contact Lexmark Technical Support. |
T656 | LSJ.SJ.P039 and previous | Contact Lexmark Technical Support. |
W850 | LP.JB.P1644 and previous | Contact Lexmark Technical Support. |
C540, C543 & C544 | LL.AS.P535 and previous | Contact Lexmark Technical Support. |
C546 | LU.AS.P532 and previous | Contact Lexmark Technical Support. |
C73x | LR.SK.P691 and previous | Contact Lexmark Technical Support. |
C920 | LS.TA.P153 and previous | Contact Lexmark Technical Support. |
C935dn | LC.JO.P091 and previous | Contact Lexmark Technical Support. |
X46x | LR.BS.P691 and previous | LR.BS.P692 and later |
X26x & X36x | LL.BZ.P544 and previous | Contact Lexmark Technical Support. |
X543 & X544 | LL.EL.P544 and previous | Contact Lexmark Technical Support. |
X546 | LL.EL.P544 and previous | Contact Lexmark Technical Support. |
X65x | LR.MN.P691 and previous | LR.MN.P692 and later |
X73x | LR.FL.P691 and previous | LR.FL.P692 and later |
X86x | LP.SP.P692 and previous | LP.SP.P693 and later |
2006 and Previous Models | | |
E450 | LM.SZ.P124 and previous | Contact Lexmark Technical Support. |
T64x | LS.ST.P347 and previous | Contact Lexmark Technical Support. |
W840 | LS.HA.P253 and previous | Contact Lexmark Technical Support. |
C52x | LS.FA.P151 and previous | Contact Lexmark Technical Support. |
C53x | LS.SW.P070 and previous | Contact Lexmark Technical Support. |
C77x | LC.CM.P053 and previous | Contact Lexmark Technical Support. |
C78x | LC.IO.P188 and previous | Contact Lexmark Technical Support. |
X20x | LM1.MT.P233 and previous | Contact Lexmark Technical Support. |
X642 | LC2.MB.P318 and previous | Contact Lexmark Technical Support. |
X644 & X646 | LC2.MC.P374 and previous | Contact Lexmark Technical Support. |
X64xef | LC2.TI.P327 and previous | Contact Lexmark Technical Support. |
X772e | LC.TR.P291 and previous | Contact Lexmark Technical Support. |
X782e | LC2.TO.P336 and previous | LC2.TO.P305cS and later |
X78x | LC2.IO.P336 and previous | Contact Lexmark Technical Support. |
X85x | LC4.BE.P488 and previous | Contact Lexmark Technical Support. |
X94x | LC.BR.P145 and previous | Contact Lexmark Technical Support. |
25xxN | LCL.CU.P114 and previous | Contact Lexmark Technical Support. |
N4000 | LC.MD.P012d and previous | Contact Lexmark Technical Support. |
N4050e | GO.GO.N206 and previous | Contact Lexmark Technical Support. |
N70xxe | LC.CO.N309 and previous | Contact Lexmark Technical Support. |
N8120 & N8130 | LR.MU.P311f and previous | Contact Lexmark Technical Support. |
Only the devices listed above are affected, all other devices are not affected.
Workarounds
Lexmark recommends a firmware update if your device has affected firmware.
Obtaining Updated Software
To obtain the firmware that resolves this issue or if you have special code, please contact Lexmark Technical Support at Lexmark Support website, go to your product's support page and locate Get In Touch with Lexmark! for contact information.
Lexmark Document Distributor
Applications running on Lexmark Document Distributor (LDD) versions 4.8.3 or later are not vulnerable, all earlier versions of LDD are vulnerable. A patch is available for the vulnerable versions of LDD that upgrades the OpenSSL library to version 1.0.1h.
Workarounds
Lexmark recommends applying the patch if you have a vulnerable version.
Obtaining Updated Software
To obtain the patch and installation instructions to resolve this issue, please contact your Lexmark Solutions Help Desk.
Lexmark Print Management, On-Premise
The on-premise version of the Lexmark Print Management application version 2.3.14.0 (or later) is not vulnerable, but versions 2.3.13 and previous are known to be vulnerable.
Workarounds
Lexmark recommends updating the application if you have a vulnerable version.
Obtaining Updated Software
To obtain software and installation instructions to resolve this issue, please contact your Lexmark Solutions Help Desk.
Lexmark Fleet Manager
Lexmark Fleet Manager 3.0 is not vulnerable, but Lexmark Fleet Manager 2.0 is.
An updated version of LFM 2.0 that fixes the vulnerability has been posted, and is available for immediate or automatic updating. The fixed versions of the affected LFM components are:
- Lexmark Service Monitor: 2.27.4.0.31
- Lexmark Fleet Tracker: 2.27.4.0.30
Workarounds
Lexmark recommends updating the affected components if you have a vulnerable version.
Obtaining Updated Software
Updates for Lexmark Fleet Manager 2.0 are automatically distributed via the activation server. To obtain instructions on how to perform manual update, please contact Lexmark Technical Support at Lexmark Support website, go to your product's support page and locate Get In Touch with Lexmark! for contact information.
Perceptive Content
Perceptive Content versions 6.6, 6.7, and 6.8 are vulnerable when using Envoy to make outbound calls with SSL enabled.
Workarounds
Modify the server being called to use a non-vulnerable version of OpenSSL.
Obtaining Updated Software
An update is not currently available. Perceptive Software plans to resolve this vulnerability in a future release.
Perceptive Search
Perceptive Enterprise Search, versions 10.0, 10.1, 10.2, and 10.3 are vulnerable.
Workarounds
Perceptive recommends applying the patch.
Obtaining Updated Software
Perceptive Search 10.x OpenSSL 1.0.1h Patch is available via the Perceptive Software Customer Portal. (www.perceptivesoftware.com) This patch will be included in Perceptive Enterprise Search 10.4.
Perceptive Process
Perceptive Process, versions 2.8, 2.9, 3.0, and 3.1 are vulnerable on the Windows platform. On the UNIX platform Perceptive Process utilizes the OpenSSL libraries that are part of the platform and therefore patching OpenSSL on the platform will address the vulnerability.
Workarounds
There are currently no workarounds.
Obtaining Updated Software
An update is not currently available. Perceptive Software plans to have this rectified in Perceptive Process 3.3.
Exploitation and Public Announcements
Lexmark is not aware of any malicious use of the vulnerabilities described in this advisory.
Status of this Notice:
This document is provided on an "as is" basis and is provided without any express or implied guarantee or warranty whatsoever, including but not limited to the warranties of merchantability and fitness for a particular use or purpose. Lexmark reserves the right to change or update this document at any time.
Distribution
This advisory is posted on Lexmark’s web site at http://support.lexmark.com/alerts.
Future updates to this document will be posted on Lexmark’s web site at the same location.
LEGACY ID: TE626
Escalation Item # 330690, 331893, and 330837
330690331893330837
NOTE: This escalation item number is provided for investigative purposes. To view this item, you will need at least Escalation Reader access to ExtraView.