Lexmark T654

FTP Denial of Service Security Vulnerability Notification for Lexmark Printers and Multi-Function Printers


Lexmark Security Advisory:

      • Revision: 1.0
      • Last update: 18 Mar 2010
      • Public Release Date: 22 Mar 2010

FTP denial of service vulnerability summary

Some Lexmark Printers and MarkNet devices contain denial of service vulnerabilities in the FTP service. These vulnerabilities can be exploited with repeated aborted FTP connections to the printer, causing the printer to ignore incoming TCP network connections to multiple services.

Severity and References

CVE: CVE-2010-0618

Vulnerability Scoring Details:

CVSS Base Score 5.0

Exploitability:
      • Access Vector: Network
      • Access Complexity: Low
      • Authentication: None

Impact:
      • Confidentiality: None
      • Integrity: None
      • Availability: Partial

CVSS scores are calculated in accordance with CVSS version 2.0

Affected Products

Selected Lexmark Laser & Inkjet printer products and MarkNet devices; for specific details see “Suggested Firmware/Software Fix” below.

Details

Lexmark products have connection flood protection mechanisms that limit the number of simultaneous network connections that can be made to the device on most TCP service ports (21/FTP, 79/Finger, 515/LPD, 631/IPP, 5001, 9100-9104, 9200, 9300, 9400, 9500-9501 and 9600).

The FTP service exception handler does not properly maintain the state of the flood protection when passive FTP connections are aborted. Once a sufficient number of passive FTP connections have timed out (typically 15), the flood protection is enabled and is never reset.

The flood protection can be reset by resetting the network adapter, or by power cycling the device.

The firmware update that resolves this vulnerability automatically resets the flood protection after the “Network Job Timeout” has expired or 90 seconds if the “Network Job Timeout” is disabled.
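The following Python model is an added illustration, not Lexmark firmware or code from this advisory. It shows how a connection slot that is leaked on the abort path engages flood protection permanently once the limit is reached, and how a time-based reset of the kind the fixed firmware adds lets the service recover. FloodLimiter, FakeClock and accepts_after_aborts are constructed names; the limit of 15 and the 90-second reset are the figures given in the advisory.

```python
LIMIT = 15          # slots before flood protection engages ("typically 15" on the page)
RESET_AFTER = 90.0  # fixed firmware: reset after Network Job Timeout, or 90 s if disabled

class FakeClock:
    """Constructed clock so the model runs offline and deterministically."""
    def __init__(self): self.now = 0.0
    def __call__(self): return self.now
    def advance(self, seconds): self.now += seconds

class FloodLimiter:
    """Hypothetical model of a per-service connection limiter (not Lexmark code).
    reset_after=None models the vulnerable firmware: a leaked slot is never released."""
    def __init__(self, clock, limit=LIMIT, reset_after=None):
        self.clock, self.limit, self.reset_after = clock, limit, reset_after
        self.active = {}  # connection id -> time the slot was taken
        self.next_id = 0

    def accept(self):
        """Return a connection id, or None when flood protection refuses the connection."""
        self._release_stale()
        if len(self.active) >= self.limit:
            return None
        cid, self.next_id = self.next_id, self.next_id + 1
        self.active[cid] = self.clock()
        return cid

    def abort_passive(self, cid):
        """Client drops a passive connection; unlike a normal close, the slot is not freed."""
        pass  # the defect being modelled: no self.active.pop(cid) on this path

    def _release_stale(self):
        """The fix: slots older than reset_after are reclaimed on the next accept()."""
        if self.reset_after is None:
            return
        now = self.clock()
        self.active = {c: t for c, t in self.active.items() if now - t < self.reset_after}

def accepts_after_aborts(aborts, wait_seconds, reset_after):
    """Abort `aborts` passive connections, wait, then check whether a legitimate
    connection is still accepted. True means the service is still reachable."""
    clock = FakeClock()
    limiter = FloodLimiter(clock, reset_after=reset_after)
    for _ in range(aborts):
        cid = limiter.accept()
        if cid is not None:
            limiter.abort_passive(cid)
    clock.advance(wait_seconds)
    return limiter.accept() is not None
```

With reset_after=None the service stays unreachable however long you wait, which is why the advisory lists a network adapter reset or power cycle as the only recovery on unpatched firmware.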

Impact

Successful exploitation of this vulnerability can lead to a denial of service on the affected printer.

Suggested Firmware/Software Fix

Updated firmware or printer base code that removes the vulnerability described in this advisory is available for the following devices:

Base Model Fixes

Lexmark Models | Affected Releases | Fixed Releases
Z2420 | NET.AR.N204 and previous | NET.AR.N205 and later
Z15xx | NET.MH.N206 and previous | NET.MH.N207 and later
Z1420 | NET.MH.N206 and previous | NET.MH.N207 and later
X9575 | NET.CH.N208 and previous | NET.CH.N209 and later
X9350 | LC.DA.P076 and previous | LC.DA.P077 and later
X7675 | NET.CH.N208 and previous | NET.CH.N209 and later
X7550 | NET.MH.N206 and previous | NET.MH.N207 and later
X6650 | NET.AR.N204 and previous | NET.AR.N205 and later
X6570 | NET.MH.N206 and previous | NET.MH.N207 and later
X4975 | NET.AR.N204 and previous | NET.AR.N205 and later
X4875 | NET.MH.N206 and previous | NET.MH.N207 and later
X4650 | NET.AR.N204 and previous | NET.AR.N205 and later
X4550 | NET.MH.N206 and previous | NET.MH.N207 and later
X4975VE | NET.CH.N208 and previous | NET.CH.N209 and later
X94x | LC.BR.P049 and previous | LC.BR.P051HDs and later
X86x | LP.SP.P112 and previous | LP.LP.P311e and later
X85x | LC4.BE.P457 and previous | LC4.BE.P457S and later
X782e | LC2.TO.P305c and previous | LC2.TO.P305cS and later
X772e | LC.TR.P275 and previous | LC2.TR.P275S and later
X73x | LR.FL.P224b and previous | LR.FL.P311e and later
X65x | LR.MN.P224a and previous | LR.MN.P311e and later
X644 & X646 | LC2.MC.P307a and previous | LC2.MC.P307aS and later
X64xef | LC2.TI.P305a and previous | LC2.TI.P305aS and later
X642 | LC2.MB.P307b and previous | LC2.MB.P307bS and later
X546 | LL.EL.P424 and previous | LL.EL.P429a and later
X543 & X544 | LL.EL.P424 and previous | LL.EL.P429a and later
X46x | LR.BS.P224a and previous | LR.BS.P311e and later
X36x & X26x | LL.BZ.P424 and previous | LL.BZ.P429a and later
X20x | LM1.MT.P110h and previous | LM1.MT.P214 and later
W840 | LS.HA.P121 and previous | LS.HA.P121S and later
W850 | LP.JB.P108WS and previous | LP.JB.P311e and later
T656 | LSJ.SJ.P019 and previous | LSJ.SJ.P019S and later
T650 T652 T654 | LR.JP.P224a and previous | LR.JP.P311e and later
T64x | LS.ST.P240 and previous | LS.ST.P240S and later
N4000 | PH2.ME.N134 and previous | LC.MD.P012d and later
N4050e | GO.GO.N106 and previous | GO.GO.N206 and later
N70xxe | LC.CO.N054 and previous | LC.CO.N069 and later
N8120 N8130 | NR.APS.N368 and previous | NR.APS.447c and later
E462 | LR.LBH.P224cWS and previous | LR.LBH.P311e and later
E460 | LR.LBH.P224a and previous | LR.LBH.P311e and later
E450 | LM.SZ.P113vcREF and previous | LM.SZ.P113vcREs and later
E360dn | LL.LBM.P424 and previous | LL.LBM.P429a and later
E260 E360d | LL.LBL.P424 and previous | LL.LBL.P429a and later
C935dn | LC.JO.P051 and previous | LC.JO.P051S and later
C920 | LS.TA.P127 and previous | LS.TA.P127S and later
C78x | LC.IO.P165a and previous | LC.IO.P165aS and later
C77x | LC.CM.P027b and previous | LC.CM.P027bS and later
C73x | LR.SK.P224a and previous | LR.SK.P311e and later
C546 | LU.AS.P424 and previous | LU.AS.P429a and later
C540 C543 C544 | LL.AS.P424 and previous | LL.AS.P429a and later
C53x | LS.SW.P026avc and previous | LS.SW.P026avcS and later
C52x | LS.FA.P129 and previous | LS.FA.P129S and later
25xxN | LCL.CU.P105 and previous | LC.CU.P106 and later
X422 | GN.AQ.P202 and previous | No release planned, see workaround.
X34x | 401.ec4 and previous | No release planned, see workaround.
T430 | JX.JU.P101 and previous | No release planned, see workaround.
E350 | LE.PH.P121 and previous | No release planned, see workaround.
E34x | BR.H.P204 and previous | No release planned, see workaround.
E33x E23x | 141.C09 and previous | No release planned, see workaround.
E250 | LE.PM.P121 and previous | No release planned, see workaround.
E240n | BR.Q.P204 and previous | No release planned, see workaround.
E240 E238 | BR.M.P204 and previous | No release planned, see workaround.
E120 | LE.UL.P040 and previous | No release planned, see workaround.
C510 | 891.004 and previous | No release planned, see workaround.

PDS DLE Versions and Fixes

Lexmark Models | Fixed Releases
X94x | LC.BR.P051HDs1 and later
X86x | LP.LP.P311h and later
X85x | LC4.BE.P457S1 and later
X782e | LC2.TO.P305cS1 and later
X73x | LR.FL.P311h and later
X65x | LR.MN.P311h and later
X644 & X646 | LC2.MC.P307aS1 and later
X64xef | LC2.TI.P305aS1 and later
X46x | LR.BS.P311h and later
W840 | LS.HA.P225S and later
W850 | LP.JB.P311h and later
T656 | LSJ.SJ.P019S and later
T650 T652 T654 | LR.JP.P311h and later
T64x | LS.ST.P240S1 and later
E462 | LR.LBH.P311h and later
E460 | LR.LBH.P311h and later
C935dn | LC.JO.P051S1 and later
C920 | LS.TA.P127EPs and later
C78x | LC.IO.P165aS1 and later
C77x | LC.CM.P027bS1 and later
C73x | LR.SK.P311h and later

Forms DLE Versions and Fixes

Lexmark Models | Fixed Releases
X94x | LC.BR.P051HDs1 and later
X86x | LP.LP.P311e and later
X85x | LC4.BE.P457S1 and later
X782e | LC2.TO.P305cS1 and later
X73x | LR.FL.P311e and later
X65x | LR.MN.P311e and later
X644 & X646 | LC2.MC.P307aS1 and later
X64xef | LC2.TI.P305aS1 and later
X642 | LC2.MB.P307bS1 and later
X46x | LR.BS.P311e and later
W840 | LD.HA.FM139s and later
W850 | LP.JB.P311e and later
T656 | LSJ.SJ.P019S and later
T650 T652 T654 | LR.JP.P311e and later
T64x | LD.ST.FM152s and later
E462 | LR.LBH.P311e and later
E460 | LR.LBH.P311e and later
E450 | LM.SZ.P113vcREs1 and later
C935dn | LC.JO.P051S1 and later
C920 | LD.TA.FM130s and later
C78x | LC.IO.P165aS1 and later
C77x | LC.CM.P027bS1 and later
C73x | LR.SK.P311e and later
C53x | LS.SW.P026avcS1 and later
C52x | LD.FA.FM131s and later

Barcode DLE Versions and Fixes

Lexmark Models | Fixed Releases
X94x | LC.BR.P051HDs1 and later
X86x | LP.LP.P311e and later
X85x | LC4.BE.P457S1 and later
X782e | LC2.TO.P305cS1 and later
X772e | LC2.TR.P275S1 and later
X73x | LR.FL.P311e and later
X65x | LR.MN.P311e and later
X644 & X646 | LC2.MC.P307aS1 and later
X64xef | LC2.TI.P305aS1 and later
X642 | LC2.MB.P307bS1 and later
X46x | LR.BS.P311e and later
W840 | LD.HA.BC104s and later
W850 | LP.JB.P311e and later
T656 | LSJ.SJ.P019S and later
T650 T652 T654 | LR.JP.P311e and later
T64x | LS.ST.P240S1 and later
E462 | LR.LBH.P311e and later
E460 | LR.LBH.P311e and later
E450 | LM.SZ.P113vcREs1 and later
C935dn | LC.JO.P051S1 and later
C920 | LD.TA.BC109s and later
C78x | LC.IO.P165aS1 and later
C77x | LC.CM.P027bS1 and later
C73x | LR.SK.P311e and later
C53x | LS.SW.P026avcS1 and later
C52x | LS.FA.P129S1 and later

Prescribe DLE Versions and Fixes

Lexmark Models | Fixed Releases
X94x | LC.BR.P051HDs1 and later
X86x | LP.LP.P311e and later
X85x | LC4.BE.P457S1 and later
X782e | LC2.TO.P305cS1 and later
X73x | LR.FL.P311e and later
X65x | LR.MN.P311e and later
X644 & X646 | LC2.MC.P307aS1 and later
X64xef | LC2.TI.P305aS1 and later
X642 | LC2.MB.P307bS1 and later
X46x | LR.BS.P311e and later
W840 | LS.HA.P121S1 and later
W850 | LP.JB.P311e and later
T656 | LSJ.SJ.P019S and later
T650 T652 T654 | LR.JP.P311e and later
T64x | LS.ST.P240S1 and later
E462 | LR.LBH.P311e and later
E460 | LR.LBH.P311e and later
C935dn | LC.JO.P051S1 and later
C78x | LC.IO.P165aS1 and later
C77x | LC.CM.P027bS1 and later
C73x | LR.SK.P311e and later

Printcryption DLE Versions and Fixes

Lexmark Models | Fixed Releases
X94x | LC.BR.P051HDs1 and later
X86x | LP.LP.P311e and later
X85x | LC4.BE.P457S1 and later
X73x | LR.FL.P311e and later
X65x | LR.MN.P311e and later
X644 & X646 | LC2.MC.P307aS1 and later
X642 | LC2.MB.P307bS1 and later
X46x | LR.BS.P311e and later
W840 | LS.HA.P236LPCs and later
W850 | LP.JB.P311e and later
T656 | LSJ.SJ.P019S and later
T650 T652 T654 | LR.JP.P311e and later
T64x | LS.ST.P240LPCs and later
E462 | LR.LBH.P311e and later
E460 | LR.LBH.P311e and later
C935dn | LC.JO.P051S1 and later
C920 | LS.TA.P127LPCs and later
C78x | LC.IO.P165aS1 and later
C77x | LC.CM.P027bLPCs and later
C73x | LR.SK.P311e and later
C53x | LS.SW.P027LPCs and later
C52x | LS.FA.P129LPCs and later

Workarounds

Disabling the FTP service on the printer blocks the ability to exploit this vulnerability.

To do this, disable FTP via TCP/IP Port Access settings, or via the Security or Network/Ports menus.

If file transfer protocol (FTP) must be left enabled, the problem can be mitigated by restricting the number of network devices that are permitted to communicate with the printer.

To do this, limit access to the printer by utilizing either the “Restricted Server List” feature, or IPsec if the printer supports this feature.

Hence, by restricting the number of devices that can communicate with the printer, you limit the number of devices that can attempt to exploit the vulnerability.

How to obtain updated firmware

To obtain firmware that resolves this issue, or if you have special code, please contact Lexmark’s Technical Support Center to find your local support center.

Exploitation and Public Announcements

Lexmark is not aware of any malicious use of the vulnerability described in this advisory.

Lexmark would like to thank Francis Provencher of Protek Research Labs for bringing this to our attention.

Distribution

This advisory is posted on Lexmark’s web site at support.lexmark.com/alerts.

Future updates to this document will be posted on Lexmark’s web site at the same location.

Revision History

Revision | Date | Reason
1.0 | 22-Mar-2010 | Initial Public Release

Status of this Notice:

This document is provided on an "as is" basis and is provided without any express or implied guarantee or warranty whatsoever, including but not limited to the warranties of merchantability and fitness for a particular use or purpose. Lexmark reserves the right to change or update this document at any time.


LEGACY ID: TE85
