Lexmark T650

SSL Denial of Service Vulnerability Notification for Lexmark Printers and Multi-Function Printers

Lexmark Security Advisory:

      • Revision: 1.0
      • Last update: 26 Apr 2010
      • Public Release Date: 26 Apr 2010

SSL denial of service vulnerability summary

Some Lexmark Printers and MarkNet Devices contain a denial of service vulnerability in their SSL/TLS processing. This vulnerability can be exploited to crash the printer.

Severity and References

CVE: CVE-2004-0079

Vulnerability Scoring Details:

CVSS Base Score 5.0

Exploitability:
      • Access Vector: Network
      • Access Complexity: Low
      • Authentication: None

Impact:
      • Confidentiality: None
      • Integrity: None
      • Availability: Partial

CVSS scores are calculated in accordance with CVSS version 2.0

Affected Products

Older Lexmark laser printer products and MarkNet devices; for specific details see “Suggested Firmware/Software Fix” below.

Details

Secure Socket Layer (SSL) and Transport Layer Security (TLS) can be used to encrypt network communication with the embedded web server (TCP port 443) running on Lexmark products. A carefully crafted SSL/TLS handshake sent to a vulnerable device will cause it to crash.

Impact

Successful exploitation of this vulnerability can lead to a denial of service on the affected printer by causing it to crash.

Suggested Firmware/Software Fix

Updated software that removes the vulnerability described in this advisory is available for the following devices:

Base Model Fixes

| Lexmark Models | Affected Releases | Fixed Releases |
|---|---|---|
| X94x | Base: LC.BR.P051HDs and previous; Net: NC.NPS.N129S and previous | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
| X85x | Base: LC4.BE.P457S and previous; Net: NC2.NPS.N222S and previous | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
| X782e | Base: LC2.TO.P305cS and previous; Net: NC2.NPS.N222S and previous | Base: LC2.TO.P305cS1; Net: NC2.NPS.N222S1 |
| X772e | Base: LC.TR.P275S and previous; Net: NC2.NPS.N222S and previous | Base: LC2.TR.P275S1; Net: NC2.NPS.N222S1 |
| X644 & X646 | Base: LC2.MC.P307aS and previous; Net: NC2.NPS.N222S and previous | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
| X64xef | Base: LC2.TI.P305aS and previous; Net: NC2.NPS.N222S and previous | Base: LC2.TI.P305aS1; Net: NC2.NPS.N222S1 |
| X642 | Base: LC2.MB.P307bS and previous; Net: NC2.NPS.N222S and previous | Base: LC2.MB.P307bS1; Net: NC2.NPS.N222S1 |
| W840 | Base: LS.HA.P121S and previous; Net: NS.NP.N118S and previous | Base: LS.HA.P121S1; Net: NS.NP.N118S1 |
| T64x | Base: LS.ST.P240S and previous; Net: NS.NP.N219S and previous | Base: LS.ST.P240S1; Net: NS.NP.N219S1 |
| N70xxe | Net: LC.CO.N069 and previous | Net: LC.CO.N070 |
| C935dn | Base: LC.JO.P051S and previous; Net: NC.NPS.N129S and previous | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
| C920 | Base: LS.TA.P127S and previous; Net: NS.NP.N219S and previous | Base: LS.TA.P127S1; Net: NS.NP.N219S1 |
| C78x | Base: LC.IO.P165aS and previous; Net: NC2.NPS.N222S and previous | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
| C77x | Base: LC.CM.P027bS and previous; Net: NCC.NPS.N107S1 and previous | Base: LC.CM.P027bS1; Net: NCC.NPS.N107S1 |
| C53x | Base: LS.SW.P026avcS and previous; Net: NSF.NP.N026S and previous | Base: LS.SW.P026avcS1; Net: NSF.NP.N026S1 |
| C52x | Base: LS.FA.P129S and previous; Net: NS.NP.N219S and previous | Base: LS.FA.P129S1; Net: NS.NP.N219S1 |
| 25xxN | Base: LCL.CU.P106 and previous; Net: NCL.NA.N105 and previous | Base: LC.CU.P107; Net: NCL.NA.N106 |

PDS DLE Versions and Fixes

| Lexmark Models | Fixed Releases |
|---|---|
| X94x | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
| X85x | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
| X782e | Base: LC2.TO.P305cS1; Net: NC2.NPS.N222S1 |
| X644 & X646 | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
| X64xef | Base: LC2.TI.P305aS1; Net: NC2.NPS.N222S1 |
| W840 | Base: LS.HA.P225S; Net: NS.NP.N259* |
| T64x | Base: LS.ST.P240S1; Net: NS.NP.N219S1 |
| C935dn | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
| C920 | Base: LS.TA.P127EPs; Net: NS.NP.N219S1 |
| C78x | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
| C77x | Base: LC.CM.P027bS1; Net: NCC.NPS.N107S1 |

*A network firmware update is required AFTER the base has been updated for this device.

Forms DLE Versions and Fixes

| Lexmark Models | Fixed Releases |
|---|---|
| X94x | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
| X85x | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
| X782e | Base: LC2.TO.P305cS1; Net: NC2.NPS.N222S1 |
| X644 & X646 | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
| X64xef | Base: LC2.TI.P305aS1; Net: NC2.NPS.N222S1 |
| X642 | Base: LC2.MB.P307bS1; Net: NC2.NPS.N222S1 |
| W840 | Base: LD.HA.FM139s; Net: NS.NP.N259* |
| T64x | Base: LD.ST.FM152s; Net: NS.NP.N259* |
| C935dn | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
| C920 | Base: LD.TA.FM130s; Net: NS.NP.N219S1 |
| C78x | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
| C77x | Base: LC.CM.P027bS1; Net: NCC.NPS.N107S1 |
| C53x | Base: LS.SW.P026avcS1; Net: NSF.NP.N026S1 |
| C52x | Base: LD.FA.FM131s; Net: NS.NP.N219S1 |

*A network firmware update is required AFTER the base has been updated for this device.

Barcode DLE Versions and Fixes

| Lexmark Models | Fixed Releases |
|---|---|
| X94x | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
| X85x | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
| X782e | Base: LC2.TO.P305cS1; Net: NC2.NPS.N222S1 |
| X772e | Base: LC2.TR.P275S1; Net: NC2.NPS.N222S1 |
| X644 & X646 | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
| X64xef | Base: LC2.TI.P305aS1; Net: NC2.NPS.N222S1 |
| X642 | Base: LC2.MB.P307bS1; Net: NC2.NPS.N222S1 |
| W840 | Base: LD.HA.BC104s; Net: NS.NP.N259* |
| T64x | Base: LS.ST.P240S1; Net: NS.NP.N219S1 |
| C935dn | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
| C920 | Base: LD.TA.BC109s; Net: NS.NP.N219S1 |
| C78x | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
| C77x | Base: LC.CM.P027bS1; Net: NCC.NPS.N107S1 |
| C53x | Base: LS.SW.P026avcS1; Net: NSF.NP.N026S1 |
| C52x | Base: LS.FA.P129S1; Net: NS.NP.N219S1 |

*A network firmware update is required AFTER the base has been updated for this device.

Prescribe DLE Versions and Fixes

| Lexmark Models | Fixed Releases |
|---|---|
| X94x | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
| X85x | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
| X782e | Base: LC2.TO.P305cS1; Net: NC2.NPS.N222S1 |
| X644 & X646 | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
| X64xef | Base: LC2.TI.P305aS1; Net: NC2.NPS.N222S1 |
| X642 | Base: LC2.MB.P307bS1; Net: NC2.NPS.N222S1 |
| W840 | Base: LS.HA.P121S1; Net: NS.NP.N118S1 |
| T64x | Base: LS.ST.P240S1; Net: NS.NP.N219S1 |
| C935dn | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
| C78x | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
| C77x | Base: LC.CM.P027bS1; Net: NCC.NPS.N107S1 |

Printcryption DLE Versions and Fixes

| Lexmark Models | Fixed Releases |
|---|---|
| X94x | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
| X85x | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
| X644 & X646 | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
| X642 | Base: LC2.MB.P307bS1; Net: NC2.NPS.N222S1 |
| W840 | Base: LS.HA.P236LPCs; Net: NS.NP.N234LPCs |
| T64x | Base: LS.ST.P240LPCs; Net: NS.NP.N234LPCs |
| C935dn | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
| C920 | Base: LS.TA.P127LPCs; Net: NS.NP.N234LPCs |
| C78x | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
| C77x | Base: LC.CM.P027bLPCs; Net: NCC.NPS.N116LPs |
| C53x | Base: LS.SW.P027LPCs; Net: NSF.NP.N019LPCs |
| C52x | Base: LS.FA.P129LPCs; Net: NS.NP.N234LPCs |

Workarounds

  1. Disabling the embedded web server's support for SSL/TLS on the printer (TCP port 443) blocks the ability to exploit this vulnerability.

  2. If the embedded web server’s support for SSL/TLS must remain enabled, the problem can be mitigated by restricting the network devices that are permitted to communicate with the printer.

To do this, use either the “Restricted Server List” feature or IPsec configuration on printers that support these features.

How does this work?

Restricting the number of devices that can communicate with the printer limits the devices that can attempt to exploit the vulnerability.
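A triage sketch for the fixes and workarounds above, added here as an example and not Lexmark code: it marks a printer as fixed only when its reported Base and Net releases exactly match the "Base Model Fixes" table, and otherwise reports whether workaround 1 is in effect by testing a plain TCP connect to port 443. Assumptions: the function names, status labels and inventory are constructed, only three table rows are included, and exact matching is used because the advisory does not define how releases are ordered.

```python
import socket

# Fixed releases copied from three rows of the "Base Model Fixes" table above.
# Devices running a DLE build need the matching DLE table instead.
FIXED = {
    "X94x": ("LC.BR.P051HDs1", "NC.NPS.N129S1"),
    "T64x": ("LS.ST.P240S1", "NS.NP.N219S1"),
    "C52x": ("LS.FA.P129S1", "NS.NP.N219S1"),
}

def tls_port_open(host, port=443, timeout=2.0):
    """True if a plain TCP connect to the embedded web server's TLS port
    succeeds. No TLS handshake is sent; only reachability is tested."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(model, base, net, port_open):
    """Classify one printer from its reported firmware and port state."""
    fixed = FIXED.get(model)
    if fixed is None:
        return "unlisted-model"      # not in the local copy of the table
    if (base, net) == fixed:
        return "fixed"
    if not port_open:
        return "mitigated"           # workaround 1 in effect; still update
    # Not a listed fixed release and 443 reachable from this host:
    # update the firmware or restrict the hosts allowed to connect.
    return "needs-action"

def audit(inventory, probe=tls_port_open):
    """inventory rows: (host, model, base, net). Returns {host: status}."""
    return {host: triage(model, base, net, probe(host))
            for host, model, base, net in inventory}

if __name__ == "__main__":
    # Constructed inventory using documentation addresses, not real devices.
    sample = [
        ("192.0.2.10", "X94x", "LC.BR.P051HDs1", "NC.NPS.N129S1"),
        ("192.0.2.11", "T64x", "LS.ST.P240S", "NS.NP.N219S"),
    ]
    for host, status in audit(sample).items():
        print(host, status)
```

To confirm workaround 2, run the probe from a host that is not permitted by the Restricted Server List or IPsec policy; a result of "mitigated" from there shows the restriction is being enforced for that host.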

How to obtain updated firmware

To obtain firmware that resolves this issue or if you have special code, please contact Lexmark’s Technical Support Center to find your local support center.

Exploitation and Public Announcements

Lexmark is not aware of any malicious use of the vulnerability described in this advisory. More information on the vulnerability is available at www.openssl.org/news/secadv_20040317.txt.

Distribution

This advisory is posted on Lexmark’s web site at support.lexmark.com/alerts.

Future updates to this document will be posted on Lexmark’s web site at the same location.

Revision History

| Revision | Date | Reason |
|---|---|---|
| 1.0 | 26 Apr 2010 | Initial public announcement |

Status of this Notice:

This document is provided on an "as is" basis and is provided without any express or implied guarantee or warranty whatsoever, including but not limited to the warranties of merchantability and fitness for a particular use or purpose. Lexmark reserves the right to change or update this document at any time.

LEGACY ID: TE88
