Skip to Content Information Center
Lexmark T650

Lexmark T650

Lexmark Security Advisory: Orpheus' Lyre Vulnerability (CVE-2017-11103)

Lexmark Security Advisory:

Revision: 1.1
Last update: 8 September 2017
Public Release Date: 13 September 2017

Summary

Orpheus' Lyre Vulnerability

Some older Lexmark products may have a vulnerability that allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack.

References

CVE: CVE-2017-11103

Details

Heimdal (an implementation of Kerberos 5) before release 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version stored in 'ticket' provides an opportunity for successful server impersonation and other attacks.


NOTE:
This CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.

CVSS v3 Base Score:8.1 High (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Impact Score:5.9
Exploitability Score:2.2

CVSS scores are calculated in accordance with CVSS version 3.0 (https://www.first.org/cvss/)

Impact

This vulnerability can lead to the unauthorized disclosure of configuration information and user data on the affected device.

Affected Products

To determine a devices firmware level, select the Settings > Reports > Menu Setting Page menu item from the operator panel. If the firmware level listed under "Device Information" matches any level under "Affected Releases", then upgrade to a "Fixed Release".

Lexmark ModelsAffected ReleasesFixed Release
C746LHS42.xx.P596 and previousLHS42.xx.P597 and later
C748 & CS748LHS42.xx.P596 and previousLHS42.xx.P597 and later
C79x & CS796LHS42.xx.P596 and previousLHS42.xx.P597 and later
C925 LHS42.xx.P596 and previousLHS42.xx.P597 and later
C95x LHS42.xx.P596 and previousLHS42.xx.P597 and later
X548 & XS548LHS42.xx.P596 and previousLHS42.xx.P597 and later
X74x & XS748LHS42.xx.P596 and previousLHS42.xx.P597 and later
X792 & XS79xLHS42.xx.P596 and previousLHS42.xx.P597 and later
X925 & XS925LHS42.xx.P596 and previousLHS42.xx.P597 and later
X95x & XS95x LHS42.xx.P596 and previousLHS42.xx.P597 and later
E46x & 3330dnLR.xx.P753 and previousLR.xx.P754 and later
X46x & 3333dn/ 3335dnLR.xx.P753 and previousLR.xx.P754 and later
X65x & 5535dnLR.xx.P753 and previousLR.xx.P754 and later
X73xLR.xx.P753 and previousLR.xx.P754 and later
T650/T652 & 5230dn/5350dnLR.xx.P753 and previousLR.xx.P754 and later
T654 & 5330dnLR.xx.P753 and previousLR.xx.P754 and later
C73x LR.xx.P753 and previousLR.xx.P754 and later
X86x LP.xx.P752 and previousLP.xx.P753 and later
W85x LP.xx.P752 and previousLP.xx.P753 and later

Obtaining Updated Software

To obtain firmware that resolves this issue, or if you have special code, please contact Lexmark's Technical Support Center at http://support.lexmark.com to find your local support center.

Recommendations and/or Workarounds

Lexmark recommends updating firmware to address this issue.

Exploitation and Public Announcements

Lexmark is not aware of any malicious use against Lexmark products of the vulnerability described in this advisory.

Status of this Notice:

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND IS PROVIDED WITHOUT ANY EXPRESS OR IMPLIED GUARANTEE OR WARRANTY WHATSOEVER, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR USE OR PURPOSE.

Distribution

This advisory is posted on Lexmark’s web site at http://support.lexmark.com/alerts.

Future updates to this document will be on Lexmark’s web site at the same location.

Revision History

RevisionDateReason
1.0 21 - August 2017 Initial Public Release
1.16 - September 2017Included release for LR.xx.P754 and LP.xx.P753

LEGACY ID: TE869

Was this article helpful?
Top