SSL Denial of Service Vulnerability
Lexmark Security Advisory:
- Revision: 1.0
- Last update: 26 Apr 2010
- Public Release Date: 26 Apr 2010
SSL denial of service vulnerability summary
Some Lexmark Printers and MarkNet Devices contain a denial of service vulnerability in their SSL/TLS processing. This vulnerability can be exploited to crash the printer.
Severity and References
CVE: CVE-2004-0079
Vulnerability Scoring Details:
CVSS Base Score 5.0
Exploitability: | Impact: |
Access Vector: Network | Confidentiality: None |
Access Complexity: Low | Integrity: None |
Authentication: None | Availability: Partial |
CVSS scores are calculated in accordance with CVSS version 2.0
Affected Products
Older Lexmark laser printer products and MarkNet devices; for specific details see “Suggested Firmware/Software Fix” below.
Details
Secure Socket Layer (SSL) and Transport Layer Security (TLS) can be used to encrypt network communication with the embedded web server (TCP port 443) running on Lexmark products. A carefully crafted SSL/TLS handshake sent to a vulnerable device will cause it to crash.
Impact
Successful exploitation of this vulnerability can lead to a denial of service on the affected printer by causing it to crash.
Suggested Firmware/Software Fix
Updated software that removes the vulnerability described in this advisory is available for the following devices:
Base Model Fixes
Lexmark Models | Affected Releases | Fixed Releases |
X94x | Base: LC.BR.P051HDs and previous; Net: NC.NPS.N129S and previous | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
X85x | Base: LC4.BE.P457S and previous; Net: NC2.NPS.N222S and previous | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
X782e | Base: LC2.TO.P305cS and previous; Net: NC2.NPS.N222S and previous | Base: LC2.TO.P305cS1; Net: NC2.NPS.N222S1 |
X772e | Base: LC.TR.P275S and previous; Net: NC2.NPS.N222S and previous | Base: LC2.TR.P275S1; Net: NC2.NPS.N222S1 |
X644 & X646 | Base: LC2.MC.P307aS and previous; Net: NC2.NPS.N222S and previous | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
X64xef | Base: LC2.TI.P305aS and previous; Net: NC2.NPS.N222S and previous | Base: LC2.TI.P305aS1; Net: NC2.NPS.N222S1 |
X642 | Base: LC2.MB.P307bS and previous; Net: NC2.NPS.N222S and previous | Base: LC2.MB.P307bS1; Net: NC2.NPS.N222S1 |
W840 | Base: LS.HA.P121S and previous; Net: NS.NP.N118S and previous | Base: LS.HA.P121S1; Net: NS.NP.N118S1 |
T64x | Base: LS.ST.P240S and previous; Net: NS.NP.N219S and previous | Base: LS.ST.P240S1; Net: NS.NP.N219S1 |
N70xxe | Net: LC.CO.N069 and previous | Net: LC.CO.N070 |
C935dn | Base: LC.JO.P051S and previous; Net: NC.NPS.N129S and previous | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
C920 | Base: LS.TA.P127S and previous; Net: NS.NP.N219S and previous | Base: LS.TA.P127S1; Net: NS.NP.N219S1 |
C78x | Base: LC.IO.P165aS and previous; Net: NC2.NPS.N222S and previous | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
C77x | Base: LC.CM.P027bS and previous; Net: NCC.NPS.N107S1 and previous | Base: LC.CM.P027bS1; Net: NCC.NPS.N107S1 |
C53x | Base: LS.SW.P026avcS and previous; Net: NSF.NP.N026S and previous | Base: LS.SW.P026avcS1; Net: NSF.NP.N026S1 |
C52x | Base: LS.FA.P129S and previous; Net: NS.NP.N219S and previous | Base: LS.FA.P129S1; Net: NS.NP.N219S1 |
25xxN | Base: LCL.CU.P106 and previous; Net: NCL.NA.N105 and previous | Base: LC.CU.P107; Net: NCL.NA.N106 |
PDS DLE Versions and Fixes
Lexmark Models | Fixed Releases |
X94x | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
X85x | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
X782e | Base: LC2.TO.P305cS1; Net: NC2.NPS.N222S1 |
X644 & X646 | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
X64xef | Base: LC2.TI.P305aS1; Net: NC2.NPS.N222S1 |
W840 | Base: LS.HA.P225S; Net: NS.NP.N259* |
T64x | Base: LS.ST.P240S1; Net: NS.NP.N219S1 |
C935dn | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
C920 | Base: LS.TA.P127EPs; Net: NS.NP.N219S1 |
C78x | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
C77x | Base: LC.CM.P027bS1; Net: NCC.NPS.N107S1 |
*A network firmware update is required AFTER the base has been updated for this device.
Forms DLE Versions and Fixes
Lexmark Models | Fixed Releases |
X94x | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
X85x | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
X782e | Base: LC2.TO.P305cS1; Net: NC2.NPS.N222S1 |
X644 & X646 | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
X64xef | Base: LC2.TI.P305aS1; Net: NC2.NPS.N222S1 |
X642 | Base: LC2.MB.P307bS1; Net: NC2.NPS.N222S1 |
W840 | Base: LD.HA.FM139s; Net: NS.NP.N259* |
T64x | Base: LD.ST.FM152s; Net: NS.NP.N259* |
C935dn | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
C920 | Base: LD.TA.FM130s; Net: NS.NP.N219S1 |
C78x | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
C77x | Base: LC.CM.P027bS1; Net: NCC.NPS.N107S1 |
C53x | Base: LS.SW.P026avcS1; Net: NSF.NP.N026S1 |
C52x | Base: LD.FA.FM131s; Net: NS.NP.N219S1 |
*A network firmware update is required AFTER the base has been updated for this device.
Barcode DLE Versions and Fixes
Lexmark Models | Fixed Releases |
X94x | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
X85x | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
X782e | Base: LC2.TO.P305cS1; Net: NC2.NPS.N222S1 |
X772e | Base: LC2.TR.P275S1; Net: NC2.NPS.N222S1 |
X644 & X646 | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
X64xef | Base: LC2.TI.P305aS1; Net: NC2.NPS.N222S1 |
X642 | Base: LC2.MB.P307bS1; Net: NC2.NPS.N222S1 |
W840 | Base: LD.HA.BC104s; Net: NS.NP.N259* |
T64x | Base: LS.ST.P240S1; Net: NS.NP.N219S1 |
C935dn | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
C920 | Base: LD.TA.BC109s; Net: NS.NP.N219S1 |
C78x | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
C77x | Base: LC.CM.P027bS1; Net: NCC.NPS.N107S1 |
C53x | Base: LS.SW.P026avcS1; Net: NSF.NP.N026S1 |
C52x | Base: LS.FA.P129S1; Net: NS.NP.N219S1 |
*A network firmware update is required AFTER the base has been updated for this device.
Prescribe DLE Versions and Fixes
Lexmark Models | Fixed Releases |
X94x | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
X85x | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
X782e | Base: LC2.TO.P305cS1; Net: NC2.NPS.N222S1 |
X644 & X646 | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
X64xef | Base: LC2.TI.P305aS1; Net: NC2.NPS.N222S1 |
X642 | Base: LC2.MB.P307bS1; Net: NC2.NPS.N222S1 |
W840 | Base: LS.HA.P121S1; Net: NS.NP.N118S1 |
T64x | Base: LS.ST.P240S1; Net: NS.NP.N219S1 |
C935dn | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
C78x | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
C77x | Base: LC.CM.P027bS1; Net: NCC.NPS.N107S1 |
Printcryption DLE Versions and Fixes
Lexmark Models | Fixed Releases |
X94x | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
X85x | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
X644 & X646 | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
X642 | Base: LC2.MB.P307bS1; Net: NC2.NPS.N222S1 |
W840 | Base: LS.HA.P236LPCs; Net: NS.NP.N234LPCs |
T64x | Base: LS.ST.P240LPCs; Net: NS.NP.N234LPCs |
C935dn | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
C920 | Base: LS.TA.P127LPCs; Net: NS.NP.N234LPCs |
C78x | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
C77x | Base: LC.CM.P027bLPCs; Net: NCC.NPS.N116LPs |
C53x | Base: LS.SW.P027LPCs; Net: NSF.NP.N019LPCs |
C52x | Base: LS.FA.P129LPCs; Net: NS.NP.N234LPCs |
Workarounds

Disabling the embedded web server's support for SSL/TLS on the printer (TCP port 443) blocks the ability to exploit this vulnerability.

If the embedded web server’s support for SSL/TLS must remain enabled, the problem can be mitigated by restricting the network devices that are permitted to communicate with the printer.
To do this, use either the “Restricted Server List” feature or an IPsec configuration on printers that support these features.
How does this work?
Restricting the number of devices that can communicate with the printer limits the devices that can attempt to exploit the vulnerability.
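One way to confirm that either workaround is in effect is to test, from a given host, whether each printer still accepts TCP connections on port 443. The script below is an added example, not Lexmark code; the printer names and addresses are constructed placeholders (documentation address range), and only a TCP connection is attempted, with no TLS data sent.

```python
import socket

# Constructed inventory for illustration; 192.0.2.0/24 is a documentation range.
PRINTERS = {"x644-floor2": "192.0.2.10", "t640-lobby": "192.0.2.11"}


def probe_https_port(host, port=443, timeout=3.0):
    """Attempt one TCP connection and report how the device answered.

    "open"        - the embedded web server's SSL/TLS port accepted the connection
    "refused"     - nothing is listening (consistent with SSL/TLS disabled)
    "no_response" - no answer before the timeout (consistent with filtering)
    "unreachable" - any other network error (no route, host down, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "no_response"
    except OSError:
        return "unreachable"


def audit(printers, port=443, timeout=3.0):
    """Return {name: (state, exposed)}; exposed means this host reached the listener."""
    results = {}
    for name, host in printers.items():
        state = probe_https_port(host, port, timeout)
        results[name] = (state, state == "open")
    return results


if __name__ == "__main__":
    for name, (state, exposed) in audit(PRINTERS).items():
        verdict = "still reachable from this host" if exposed else "not reachable from this host"
        print(f"{name}: port 443 {state} ({verdict})")
```

Run it once from a host that is meant to be blocked and once from a permitted management host: the first should never report "open", and if SSL/TLS was disabled outright neither should.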
How to obtain updated firmware
To obtain firmware that resolves this issue or if you have special code, please contact Lexmark’s Technical Support Center to find your local support center.
Exploitation and Public Announcements
Lexmark is not aware of any malicious use of the vulnerability described in this advisory. More information on the vulnerability is available at www.openssl.org/news/secadv_20040317.txt.
Distribution
This advisory is posted on Lexmark’s web site at support.lexmark.com/alerts.
Future updates to this document will be posted on Lexmark’s web site at the same location.
Revision History
Revision Date Reason
1.0 26 Apr 2010 Initial public announcement
Status of this Notice:
This document is provided on an "as is" basis and is provided without any express or implied guarantee or warranty whatsoever, including but not limited to the warranties of merchantability and fitness for a particular use or purpose. Lexmark reserves the right to change or update this document at any time.
LEGACY ID: TE88