Lexmark T650

PJL Remote Buffer Overflow Security Vulnerability Notification for Lexmark Printers and Multi-Function Printers

Overview

Lexmark Security Advisory:

      • Revision: 1.0
      • Last update: 18 Mar 2010
      • Public Release Date: 22 Mar 2010

Summary of PJL Remote Buffer Overflow Vulnerability

Some Lexmark Laser Printers contain remote buffer overflow vulnerabilities in their PJL processing functionality. These vulnerabilities could potentially lead to remote code execution, but no malicious use of this vulnerability is known.

Reference

CVE: CVE-2010-0619

Vulnerability Scoring Details:

CVSS Base Score: 7.3

Exploitability:

      • Access Vector: Network
      • Access Complexity: High
      • Authentication: None

Impact:

      • Confidentiality: Complete
      • Integrity: Partial
      • Availability: Complete

CVSS scores are calculated in accordance with CVSS version 2.0

Affected Products

Multiple Lexmark laser printer products are affected; for specific details, see “Suggested Firmware/Software Fix” below.

Details

If a specially crafted PJL command is sent to the printer, it is possible to insert information onto the stack of the embedded microprocessor.

Impact

Successful exploitation of this vulnerability can lead to remote code execution on the affected printer.

Suggested Firmware/Software Fix

Updated firmware or printer base code that removes the vulnerability described in this advisory is available for the following devices:

Base Lexmark Model Fixes

| Lexmark Models | Affected Releases | Fixed Releases |
|---|---|---|
| X94x | LC.BR.P049 and previous | LC.BR.P051HDs and later |
| X86x | LP.SP.P112 and previous | LP.LP.P311e and later |
| X85x | LC4.BE.P457 and previous | LC4.BE.P457S and later |
| X782e | LC2.TO.P305c and previous | LC2.TO.P305cS and later |
| X772e | LC2.TR.P275 and previous | LC2.TR.P275S and later |
| X73x | LR.FL.P224b and previous | LR.FL.P311e and later |
| X65x | LR.MN.P224a and previous | LR.MN.P311e and later |
| X644 & X646 | LC2.MC.P307a and previous | LC2.MC.P307aS and later |
| X64xef | LC2.TI.P305a and previous | LC2.TI.P305aS and later |
| X642 | LC2.MB.P307b and previous | LC2.MB.P307bS and later |
| X546 | LL.EL.P424 and previous | LL.EL.P429a and later |
| X543 & X544 | LL.EL.P424 and previous | LL.EL.P429a and later |
| X46x | LR.BS.P224a and previous | LR.BS.P311e and later |
| X36x | LL.BZ.P424 and previous | LL.BZ.P429a and later |
| X264 | LM1.MT.P110h and previous | LM1.MT.P214 and later |
| W840 | LS.HA.P121 and previous | LS.HA.P121S and later |
| W850 | LP.JB.P108WS and previous | LP.JB.P311e and later |
| T656 | LSJ.SJ.P019 and previous | LSJ.SJ.P019S and later |
| T650 T652 T654 | LR.JP.P224a and previous | LR.JP.P311e and later |
| T64x | LS.ST.P240 and previous | LS.ST.P240S and later |
| E462 | LR.LBH.P224cWS and previous | LR.LBH.P311e and later |
| E460 | LR.LBH.P224a and previous | LR.LBH.P311e and later |
| E450 | LM.SZ.P113vcREF and previous | LM.SZ.P113vcREs and later |
| E360dn | LL.LBM.P424 and previous | LL.LBM.P429a and later |
| E260 E360d | LL.LBL.P424 and previous | LL.LBL.P429a and later |
| C935dn | LC.JO.P051 and previous | LC.JO.P051S and later |
| C920 | LS.TA.P127 and previous | LS.TA.P127S and later |
| C78x | LC.IO.P165a and previous | LC.IO.P165aS and later |
| C77x | LC.CM.P027b and previous | LC.CM.P027bS and later |
| C73x | LR.SK.P224a and previous | LR.SK.P311e and later |
| C546 | LU.AS.P424 and previous | LU.AS.P429a and later |
| C540 C543 C544 | LL.AS.P424 and previous | LL.AS.P429a and later |
| C53x | LS.SW.P026avc and previous | LS.SW.P026avcS and later |
| C52x | LS.FA.P129 and previous | LS.FA.P129S and later |

IPDS DLE Versions and Fixes

| Lexmark Models | Fixed Releases |
|---|---|
| X94x | LC.BR.P051HDs1 and later |
| X86x | LP.LP.P311h and later |
| X85x | LC4.BE.P457S1 and later |
| X782e | LC2.TO.P305cS1 and later |
| X73x | LR.FL.P311h and later |
| X65x | LR.MN.P311h and later |
| X644 & X646 | LC2.MC.P307aS1 and later |
| X64xef | LC2.TI.P305aS1 and later |
| X46x | LR.BS.P311h and later |
| W840 | LS.HA.P225S and later |
| W850 | LP.JB.P311h and later |
| T656 | LSJ.SJ.P019S and later |
| T650 T652 T654 | LR.JP.P311h and later |
| T64x | LS.ST.P240S1 and later |
| E462 | LR.LBH.P311h and later |
| E460 | LR.LBH.P311h and later |
| C935dn | LC.JO.P051S1 and later |
| C920 | LS.TA.P127EPs and later |
| C78x | LC.IO.P165aS1 and later |
| C77x | LC.CM.P027bS1 and later |
| C73x | LR.SK.P311h and later |

Forms DLE Versions and Fixes

| Lexmark Models | Fixed Releases |
|---|---|
| X94x | LC.BR.P051HDs1 and later |
| X86x | LP.LP.P311e and later |
| X85x | LC4.BE.P457S1 and later |
| X782e | LC2.TO.P305cS1 and later |
| X73x | LR.FL.P311e and later |
| X65x | LR.MN.P311e and later |
| X644 & X646 | LC2.MC.P307aS1 and later |
| X64xef | LC2.TI.P305aS1 and later |
| X642 | LC2.MB.P307bS1 and later |
| X46x | LR.BS.P311e and later |
| W840 | LD.HA.FM139s and later |
| W850 | LP.JB.P311e and later |
| T656 | LSJ.SJ.P019S and later |
| T650 T652 T654 | LR.JP.P311e and later |
| T64x | LD.ST.FM152s and later |
| E462 | LR.LBH.P311e and later |
| E460 | LR.LBH.P311e and later |
| E450 | LM.SZ.P113vcREs1 and later |
| C935dn | LC.JO.P051S1 and later |
| C920 | LD.TA.FM130s and later |
| C78x | LC.IO.P165aS1 and later |
| C77x | LC.CM.P027bS1 and later |
| C73x | LR.SK.P311e and later |
| C53x | LS.SW.P026avcS1 and later |
| C52x | LD.FA.FM131s and later |

Barcode DLE Versions and Fixes

| Lexmark Models | Fixed Releases |
|---|---|
| X94x | LC.BR.P051HDs1 and later |
| X86x | LP.LP.P311e and later |
| X85x | LC4.BE.P457S1 and later |
| X782e | LC2.TO.P305cS1 and later |
| X772e | LC2.TR.P275S1 and later |
| X73x | LR.FL.P311e and later |
| X65x | LR.MN.P311e and later |
| X644 & X646 | LC2.MC.P307aS1 and later |
| X64xef | LC2.TI.P305aS1 and later |
| X642 | LC2.MB.P307bS1 and later |
| X46x | LR.BS.P311e and later |
| W840 | LD.HA.BC104s and later |
| W850 | LP.JB.P311e and later |
| T656 | LSJ.SJ.P019S and later |
| T650 T652 T654 | LR.JP.P311e and later |
| T64x | LS.ST.P240S1 and later |
| E462 | LR.LBH.P311e and later |
| E460 | LR.LBH.P311e and later |
| E450 | LM.SZ.P113vcREs1 and later |
| C935dn | LC.JO.P051S1 and later |
| C920 | LD.TA.BC109s and later |
| C78x | LC.IO.P165aS1 and later |
| C77x | LC.CM.P027bS1 and later |
| C73x | LR.SK.P311e and later |
| C53x | LS.SW.P026avcS1 and later |
| C52x | LS.FA.P129S1 and later |

Prescribe DLE Versions and Fixes

| Lexmark Models | Fixed Releases |
|---|---|
| X94x | LC.BR.P051HDs1 and later |
| X86x | LP.LP.P311e and later |
| X85x | LC4.BE.P457S1 and later |
| X782e | LC2.TO.P305cS1 and later |
| X73x | LR.FL.P311e and later |
| X65x | LR.MN.P311e and later |
| X644 & X646 | LC2.MC.P307aS1 and later |
| X64xef | LC2.TI.P305aS1 and later |
| X642 | LC2.MB.P307bS1 and later |
| X46x | LR.BS.P311e and later |
| W840 | LS.HA.P121S1 and later |
| W850 | LP.JB.P311e and later |
| T656 | LSJ.SJ.P019S and later |
| T650 T652 T654 | LR.JP.P311e and later |
| T64x | LS.ST.P240S1 and later |
| E462 | LR.LBH.P311e and later |
| E460 | LR.LBH.P311e and later |
| C935dn | LC.JO.P051S1 and later |
| C78x | LC.IO.P165aS1 and later |
| C77x | LC.CM.P027bS1 and later |
| C73x | LR.SK.P311e and later |

PrintCryption DLE Versions and Fixes

| Lexmark Models | Fixed Releases |
|---|---|
| X94x | LC.BR.P051HDs1 and later |
| X86x | LP.LP.P311e and later |
| X85x | LC4.BE.P457S1 and later |
| X73x | LR.FL.P311e and later |
| X65x | LR.MN.P311e and later |
| X644 & X646 | LC2.MC.P307aS1 and later |
| X642 | LC2.MB.P307bS1 and later |
| X46x | LR.BS.P311e and later |
| W840 | LS.HA.P236LPCs and later |
| W850 | LP.JB.P311e and later |
| T656 | LSJ.SJ.P019S and later |
| T650 T652 T654 | LR.JP.P311e and later |
| T64x | LS.ST.P240LPCs and later |
| E462 | LR.LBH.P311e and later |
| E460 | LR.LBH.P311e and later |
| C935dn | LC.JO.P051S1 and later |
| C920 | LS.TA.P127LPCs and later |
| C78x | LC.IO.P165aS1 and later |
| C77x | LC.CM.P027bLPCs and later |
| C73x | LR.SK.P311e and later |
| C53x | LS.SW.P027LPCs and later |
| C52x | LS.FA.P129LPCs and later |

Workarounds

The problem can be mitigated by restricting the network devices that are permitted to communicate with the printer.

To do this:

    • Limit access to the printer by using either the “Restricted Server List” feature or IPsec, if the printer supports it. Restricting which devices can communicate with the printer limits the number of devices from which the vulnerability can be exploited.
    • Power cycling the printer will remove any injected code, and remove any resulting 900 service error.
    • Enable automatic HDD wiping on the device to eliminate the risk associated with residual job data.

How to obtain updated firmware

To obtain firmware that resolves this issue or if you have special code, please contact Lexmark’s Technical Support Center to find your local support center.

Exploitation and Public Announcements

Lexmark is not aware of any malicious use of the vulnerability described in this advisory.

Lexmark would like to thank Francis Provencher of Protek Research Labs for bringing this to our attention.

Status of this Notice

This document is provided on an "as is" basis and is provided without any express or implied guarantee or warranty whatsoever, including but not limited to the warranties of merchantability and fitness for a particular use or purpose. Lexmark reserves the right to change or update this document at any time.

Distribution

This advisory is posted on Lexmark’s web site at support.lexmark.com/alerts. Future updates to this document will be posted on Lexmark’s web site at the same location.

Revision History

| Revision | Date | Reason |
|---|---|---|
| 1.0 | 22-Mar-2010 | Initial Public Release |

LEGACY ID: TE84
