Lexmark T650

HTTP Denial of Service Vulnerability Notification for Lexmark Printers and Multi-Function Printers


Lexmark Security Advisory:

      • Revision: 1.0
      • Last update: 26 Apr 2010
      • Public Release Date: 26 Apr 2010

HTTP denial of service vulnerability summary

Some Lexmark Printers and MarkNet Devices contain a denial of service vulnerability in their HTTP service. This vulnerability can be exploited to crash the printer.

Severity and References

CVE: CVE-2010-0101

Vulnerability Scoring Details:

CVSS Base Score 7.8

Exploitability:
Access Vector: Network Access
Access Complexity: Low
Authentication: None

Impact:
Confidentiality: None
Integrity: None
Availability: Complete

CVSS scores are calculated in accordance with CVSS version 2.0

Affected Products

Selected Lexmark Laser & Inkjet printer products and MarkNet devices; for specific details see “Suggested Firmware/Software Fix” below.

Details

Invalid characters in the HTTP “Authorization” header field cause the embedded HTTP server to crash, which halts the operating system. This affects all TCP services on the printer that use the HTTP protocol (ports 80, 443, 8000 & 631).
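A filtering proxy or IDS placed in front of affected printers can reject requests whose Authorization value does not conform to the RFC 7235 credentials grammar. The following is an added example, not part of Lexmark's advisory: the advisory does not say which characters trigger the crash, so the check conservatively rejects anything outside that grammar; the length cap, function names and sample requests are assumptions constructed for illustration.

```python
import re

# RFC 7235: credentials = auth-scheme [ 1*SP ( token68 / #auth-param ) ]
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
TOKEN68 = r"[A-Za-z0-9\-._~+/]+=*"
QUOTED = r'"(?:[\t !#-\[\]-~]|\\[\t -~])*"'
PARAM = rf"{TOKEN}[ \t]*=[ \t]*(?:{TOKEN}|{QUOTED})"
CREDENTIALS = re.compile(
    rf"{TOKEN}(?: +(?:{TOKEN68}|{PARAM}(?:[ \t]*,[ \t]*{PARAM})*))?")
MAX_LEN = 4096  # assumed cap, not a value from the advisory


def check_authorization(value: bytes) -> str:
    """Classify a raw Authorization field value: 'ok' or a rejection reason."""
    if len(value) > MAX_LEN:
        return "too-long"
    try:
        text = value.decode("ascii").strip(" \t")
    except UnicodeDecodeError:
        return "non-ascii"
    if any((ord(c) < 0x20 and c != "\t") or ord(c) == 0x7F for c in text):
        return "control-char"
    return "ok" if CREDENTIALS.fullmatch(text) else "bad-grammar"


def flag_requests(raw_requests):
    """Return (index, reason) for each request with a non-conforming header."""
    flagged = []
    for i, raw in enumerate(raw_requests):
        head = raw.split(b"\r\n\r\n", 1)[0]
        for line in head.split(b"\r\n")[1:]:  # skip the request line
            name, sep, value = line.partition(b":")
            if sep and name.strip().lower() == b"authorization":
                reason = check_authorization(value)
                if reason != "ok":
                    flagged.append((i, reason))
    return flagged


# Constructed sample requests (generic malformed values, not known crash triggers).
_PRE = b"GET / HTTP/1.1\r\nHost: printer.example\r\nAuthorization: "
SAMPLES = [
    _PRE + b"Basic dXNlcjpwYXNz\r\n\r\n",
    _PRE + b'Digest username="u", realm="r"\r\n\r\n',
    _PRE + b"Basic dXNl\x00cjpw\r\n\r\n",
    _PRE + b"Basic \xff\xfe\r\n\r\n",
    _PRE + b"Basic dXNl cjpw\r\n\r\n",
]

if __name__ == "__main__":
    print(flag_requests(SAMPLES))
```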

Impact

Successful exploitation of this vulnerability can lead to a denial of service on the affected printer by causing it to crash.

Suggested Firmware/Software Fix

Updated software that removes the vulnerability described in this advisory is available for the following devices:

Base Model Fixes

| Lexmark Models | Affected Releases | Fixed Releases |
|---|---|---|
| X94x | Base: LC.BR.P049 and previous; Net: NC.NPS.N129 and previous | Base: LC.BR.P051HDs; Net: NC.NPS.N129S |
| X86x | Base: LP.SP.P112 and previous; Net: NR.APS.N332 and previous | Base: LP.SP.P311e and later; Net: NP.APS.N332a and later |
| X85x | Base: LC4.BE.P457 and previous; Net: NC2.NPS.N222 and previous | Base: LC4.BE.P457S; Net: NC2.NPS.N222S |
| X782e | Base: LC2.TO.P305c and previous; Net: NC2.NPS.N222 and previous | Base: LC2.TO.P305cS; Net: NC2.NPS.N222S |
| X772e | Base: LC.TR.P275 and previous; Net: NC2.NPS.N222 and previous | Base: LC2.TR.P275S; Net: NC2.NPS.N222S |
| X73x | Base: LR.FL.P224b and previous; Net: NR.APS.N447a and previous | Base: LR.FL.P311e and later; Net: NR.APS.N447b and later |
| X65x | Base: LR.MN.P224a and previous; Net: NR.APS.N447a and previous | Base: LR.MN.P311e and later; Net: NR.APS.N447b and later |
| X644 & X646 | Base: LC2.MC.P307a and previous; Net: NC2.NPS.N222S and previous | Base: LC2.MC.P307aS; Net: NC2.NPS.N222S |
| X64xef | Base: LC2.TI.P305a and previous; Net: NC2.NPS.N222 and previous | Base: LC2.TI.P305aS; Net: NC2.NPS.N222S |
| X642 | Base: LC2.MB.P307b and previous; Net: NC2.NPS.N222 and previous | Base: LC2.MB.P307bS; Net: NC2.NPS.N222S |
| X546 | Base: LL.EL.P424 and previous; Net: NR.APS.N448 and previous | Base: LL.EL.P429a and later; Net: NR.APS.N449 and later |
| X543 & X544 | Base: LL.EL.P424 and previous; Net: NR.APS.N448 and previous | Base: LL.EL.P429a and later; Net: NR.APS.N449 and later |
| X46x | Base: LR.BS.P224a and previous; Net: NR.APS.N447a and previous | Base: LR.BS.P311e and later; Net: NR.APS.N447b and later |
| X36x & X26x | Base: LL.BZ.P424 and previous; Net: NR.APS.N448 and previous | Base: LL.BZ.P429a and later; Net: NR.APS.N449 and later |
| X20x | Base: LM1.MT.P110h and previous; Net: NM.APS.N048 and previous | Base: LM1.MT.P214 and later; Net: NM.APS.N049 and later |
| W840 | Base: LS.HA.P121 and previous; Net: NS.NP.N118 and previous | Base: LS.HA.P121S; Net: NS.NP.N118S |
| W850 | Base: LP.JB.P108WS and previous; Net: NR.APS.N332 and previous | Base: LP.JB.P311e and later; Net: NP.APS.N332a and later |
| T656 | Base: LSJ.SJ.P019 and previous; Net: NR.APS.N402 and previous | Base: LSJ.SJ.P019S1 and later; Net: NR.APS.N402S and later |
| T650 T652 T654 | Base: LR.JP.P224a and previous; Net: NR.APS.N447a and previous | Base: LR.JP.P311e and later; Net: NR.APS.N447b and later |
| T64x | Base: LS.ST.P240 and previous; Net: NS.NP.N219 and previous | Base: LS.ST.P240S; Net: NS.NP.N219S |
| N4000 | Net: PH2.ME.N134 and previous | Net: LC.MD.P012d |
| N4050e | Net: GO.GO.N106 and previous | Net: GO.GO.N206 |
| N70xxe | Net: LC.CO.N054 and previous | Net: LC.CO.N069 |
| N8120 N8130 | Net: NR.APS.N368 and previous | Net: NR.APS.447c |
| E462 | Base: LR.LBH.P224cWS and previous; Net: NR.APS.N447a and previous | Base: LR.LBH.P311e and later; Net: NR.APS.N447b and later |
| E460 | Base: LR.LBH.P224a and previous; Net: NR.APS.N447a and previous | Base: LR.LBH.P311e and later; Net: NR.APS.N447b and later |
| E450 | Base: LM.SZ.P113vcREF and previous; Net: NM.NA.N098a and previous | Base: LM.SZ.P113vcREs; Net: NM.NA.N098aS |
| E360dn | Base: LL.LBM.P424 and previous; Net: NR.APS.N448 and previous | Base: LL.LBM.P429a and later; Net: NR.APS.N449 and later |
| E260 E360d | Base: LL.LBL.P424 and previous; Net: NR.APS.N448 and previous | Base: LL.LBL.P429a and later; Net: NR.APS.N449 and later |
| C935dn | Base: LC.JO.P051 and previous; Net: NC.NPS.N129 and previous | Base: LC.JO.P051S; Net: NC.NPS.N129S |
| C920 | Base: LS.TA.P127 and previous; Net: NS.NP.N219 and previous | Base: LS.TA.P127S; Net: NS.NP.N219S |
| C78x | Base: LC.IO.P165a and previous; Net: NC2.NPS.N222 and previous | Base: LC.IO.P165aS; Net: NC2.NPS.N222S |
| C77x | Base: LC.CM.P027b and previous; Net: NCC.NPS.N107 and previous | Base: LC.CM.P027bS; Net: NCC.NPS.N107S |
| C73x | Base: LR.SK.P224a and previous; Net: NR.APS.N447a and previous | Base: LR.SK.P311e and later; Net: NR.APS.N447b and later |
| C546 | Base: LU.AS.P424 and previous; Net: NR.APS.N448 and previous | Base: LU.AS.P429a and later; Net: NR.APS.N449 and later |
| C540 C543 C544 | Base: LL.AS.P424 and previous; Net: NR.APS.N448 and previous | Base: LL.AS.P429a and later; Net: NR.APS.N449 and later |
| C53x | Base: LS.SW.P026avc and previous; Net: NSF.NP.N026 and previous | Base: LS.SW.P026avcS; Net: NSF.NP.N026S |
| C52x | Base: LS.FA.P129 and previous; Net: NS.NP.N219 and previous | Base: LS.FA.P129S; Net: NS.NP.N219S |
| 25xxN | Base: LCL.CU.P105 and previous; Net: NCL.NA.N104 and previous | Base: LC.CU.P106 and later; Net: NCL.NA.N105 and later |
| X422 | GN.AQ.P202 and previous | No release planned, see workaround. |
| X34x | 401.ec4 and previous | No release planned, see workaround. |
| T430 | JX.JU.P101 and previous | No release planned, see workaround. |
| E350 | LE.PH.P121 and previous | No release planned, see workaround. |
| E34x | BR.H.P204 and previous | No release planned, see workaround. |
| E33x E23x | 141.C09 and previous | No release planned, see workaround. |
| E250 | LE.PM.P121 and previous | No release planned, see workaround. |
| E240n | BR.Q.P204 and previous | No release planned, see workaround. |
| E240 E238 | BR.M.P204 and previous | No release planned, see workaround. |
| E120 | LE.UL.P040 and previous | No release planned, see workaround. |
| C510 | 891.004 and previous | No release planned, see workaround. |

PDS DLE Versions and Fixes

| Lexmark Models | Fixed Releases |
|---|---|
| X94x | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
| X86x | Base: LP.SP.P311h and later; Net: NP.APS.332a and later |
| X85x | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
| X782e | Base: LC2.TO.P305cS1; Net: NC2.NPS.N222S1 |
| X73x | Base: LR.FL.P311h and later; Net: NR.APS.N447b and later |
| X65x | Base: LR.MN.P311h and later; Net: NR.APS.N447b and later |
| X644 & X646 | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
| X64xef | Base: LC2.TI.P305aS1; Net: NC2.NPS.N222S1 |
| X46x | Base: LR.BS.P311h and later; Net: NR.APS.N447b and later |
| W840 | Base: LS.HA.P225S; Net: NS.NP.N259* |
| W850 | Base: LP.JB.P311h and later; Net: NP.APS.332a and later |
| T656 | Base: LSJ.SJ.P019S1 and later; Net: NR.APS.N402S and later |
| T650 T652 T654 | Base: LR.JP.P311h and later; Net: NR.APS.N447b and later |
| T64x | Base: LS.ST.P240S1; Net: NS.NP.N219S1 |
| E462 | Base: LR.LBH.P311h and later; Net: NR.APS.N447b and later |
| E460 | Base: LR.LBH.P311h and later; Net: NR.APS.N447b and later |
| C935dn | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
| C920 | Base: LS.TA.P127EPs; Net: NS.NP.N219S1 |
| C78x | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
| C77x | Base: LC.CM.P027bS1; Net: NCC.NPS.N107S1 |
| C73x | Base: LR.SK.P311h and later; Net: NR.APS.N447b and later |

*A network firmware update is required AFTER the base has been updated for this device.

Forms DLE Versions and Fixes

| Lexmark Models | Fixed Releases |
|---|---|
| X94x | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
| X86x | Base: LP.SP.P311e and later; Net: NP.APS.332a and later |
| X85x | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
| X782e | Base: LC2.TO.P305cS1; Net: NC2.NPS.N222S1 |
| X73x | Base: LR.FL.P311e and later; Net: NR.APS.N447b and later |
| X65x | Base: LR.MN.P311e and later; Net: NR.APS.N447b and later |
| X644 & X646 | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
| X64xef | Base: LC2.TI.P305aS1; Net: NC2.NPS.N222S1 |
| X642 | Base: LC2.MB.P307bS1; Net: NC2.NPS.N222S1 |
| X46x | Base: LR.BS.P311e and later; Net: NR.APS.N447b and later |
| W840 | Base: LD.HA.FM139s; Net: NS.NP.N259* |
| W850 | Base: LP.JB.P311e and later; Net: NP.APS.332a and later |
| T656 | Base: LSJ.SJ.P019S1 and later; Net: NR.APS.N402S and later |
| T650 T652 T654 | Base: LR.JP.P311e and later; Net: NR.APS.N447b and later |
| T64x | Base: LD.ST.FM152s; Net: NS.NP.N259* |
| E462 | Base: LR.LBH.P311e and later; Net: NR.APS.N447b and later |
| E460 | Base: LR.LBH.P311e and later; Net: NR.APS.N447b and later |
| E450 | Base: LM.SZ.P113vcREs; Net: NM.NA.N098aS |
| C935dn | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
| C920 | Base: LD.TA.FM130s; Net: NS.NP.N219S1 |
| C78x | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
| C77x | Base: LC.CM.P027bS1; Net: NCC.NPS.N107S1 |
| C73x | Base: LR.SK.P311e and later; Net: NR.APS.N447b and later |
| C53x | Base: LS.SW.P026avcS1; Net: NSF.NP.N026S1 |
| C52x | Base: LD.FA.FM131s; Net: NS.NP.N219S1 |

*A network firmware update is required AFTER the base has been updated for this device.

Barcode DLE Versions and Fixes

| Lexmark Models | Fixed Releases |
|---|---|
| X94x | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
| X86x | Base: LP.SP.P311e and later; Net: NP.APS.332a and later |
| X85x | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
| X782e | Base: LC2.TO.P305cS1; Net: NC2.NPS.N222S1 |
| X772e | Base: LC2.TR.P275S1; Net: NC2.NPS.N222S1 |
| X73x | Base: LR.FL.P311e and later; Net: NR.APS.N447b and later |
| X65x | Base: LR.MN.P311e and later; Net: NR.APS.N447b and later |
| X644 & X646 | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
| X64xef | Base: LC2.TI.P305aS1; Net: NC2.NPS.N222S1 |
| X642 | Base: LC2.MB.P307bS1; Net: NC2.NPS.N222S1 |
| X46x | Base: LR.BS.P311e and later; Net: NR.APS.N447b and later |
| W840 | Base: LD.HA.BC104s; Net: NS.NP.N259* |
| W850 | Base: LP.JB.P311e and later; Net: NP.APS.332a and later |
| T656 | Base: LSJ.SJ.P019S1 and later; Net: NR.APS.N402S and later |
| T650 T652 T654 | Base: LR.JP.P311e and later; Net: NR.APS.N447b and later |
| T64x | Base: LS.ST.P240S1; Net: NS.NP.N219S1 |
| E462 | Base: LR.LBH.P311e and later; Net: NR.APS.N447b and later |
| E460 | Base: LR.LBH.P311e and later; Net: NR.APS.N447b and later |
| E450 | Base: LM.SZ.P113vcREs; Net: NM.NA.N098aS |
| C935dn | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
| C920 | Base: LD.TA.BC109s; Net: NS.NP.N219S1 |
| C78x | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
| C77x | Base: LC.CM.P027bS1; Net: NCC.NPS.N107S1 |
| C73x | Base: LR.SK.P311e and later; Net: NR.APS.N447b and later |
| C53x | Base: LS.SW.P026avcS1; Net: NSF.NP.N026S1 |
| C52x | Base: LS.FA.P129S1; Net: NS.NP.N219S1 |

Prescribe DLE Versions and Fixes

| Lexmark Models | Fixed Releases |
|---|---|
| X94x | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
| X86x | Base: LP.SP.P311e and later; Net: NP.APS.332a and later |
| X85x | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
| X782e | Base: LC2.TO.P305cS1; Net: NC2.NPS.N222S1 |
| X73x | Base: LR.FL.P311e and later; Net: NR.APS.N447b and later |
| X65x | Base: LR.MN.P311e and later; Net: NR.APS.N447b and later |
| X644 & X646 | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
| X64xef | Base: LC2.TI.P305aS1; Net: NC2.NPS.N222S1 |
| X642 | Base: LC2.MB.P307bS1; Net: NC2.NPS.N222S1 |
| X46x | Base: LR.BS.P311e and later; Net: NR.APS.N447b and later |
| W840 | Base: LS.HA.P121S1; Net: NS.NP.N118S1 |
| W850 | Base: LP.JB.P311e and later; Net: NP.APS.332a and later |
| T656 | Base: LSJ.SJ.P019S1 and later; Net: NR.APS.N402S and later |
| T650 T652 T654 | Base: LR.JP.P311e and later; Net: NR.APS.N447b and later |
| T64x | Base: LS.ST.P240S1; Net: NS.NP.N219S1 |
| E462 | Base: LR.LBH.P311e and later; Net: NR.APS.N447b and later |
| E460 | Base: LR.LBH.P311e and later; Net: NR.APS.N447b and later |
| C935dn | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
| C78x | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
| C77x | Base: LC.CM.P027bS1; Net: NCC.NPS.N107S1 |
| C73x | Base: LR.SK.P311e and later; Net: NR.APS.N447b and later |

Printcryption DLE Versions and Fixes

| Lexmark Models | Fixed Releases |
|---|---|
| X94x | Base: LC.BR.P051HDs1; Net: NC.NPS.N129S1 |
| X86x | Base: LP.SP.P311e and later; Net: NP.APS.332a and later |
| X85x | Base: LC4.BE.P457S1; Net: NC2.NPS.N222S1 |
| X73x | Base: LR.FL.P311e and later; Net: NR.APS.N447b and later |
| X65x | Base: LR.MN.P311e and later; Net: NR.APS.N447b and later |
| X644 & X646 | Base: LC2.MC.P307aS1; Net: NC2.NPS.N222S1 |
| X642 | Base: LC2.MB.P307bS1; Net: NC2.NPS.N222S1 |
| X46x | Base: LR.BS.P311e and later; Net: NR.APS.N447b and later |
| W840 | Base: LS.HA.P236LPCs; Net: NS.NP.N234LPCs |
| W850 | Base: LP.JB.P311e and later; Net: NP.APS.332a and later |
| T656 | Base: LSJ.SJ.P019S1 and later; Net: NR.APS.N402S and later |
| T650 T652 T654 | Base: LR.JP.P311e and later; Net: NR.APS.N447b and later |
| T64x | Base: LS.ST.P240LPCs; Net: NS.NP.N234LPCs |
| E462 | Base: LR.LBH.P311e and later; Net: NR.APS.N447b and later |
| E460 | Base: LR.LBH.P311e and later; Net: NR.APS.N447b and later |
| C935dn | Base: LC.JO.P051S1; Net: NC.NPS.N129S1 |
| C920 | Base: LS.TA.P127LPCs; Net: NS.NP.N234LPCs |
| C78x | Base: LC.IO.P165aS1; Net: NC2.NPS.N222S1 |
| C77x | Base: LC.CM.P027bLPCs; Net: NCC.NPS.N116LPs |
| C73x | Base: LR.SK.P311e and later; Net: NR.APS.N447b and later |
| C53x | Base: LS.SW.P027LPCs; Net: NSF.NP.N019LPCs |
| C52x | Base: LS.FA.P129LPCs; Net: NS.NP.N234LPCs |

Workarounds

  1. Disabling the HTTP based service on the printer (TCP ports 80, 443, 8000 & 631) blocks the ability to exploit this vulnerability.

  2. If any of the HTTP based services must remain enabled, the problem can be mitigated by restricting the network devices that are permitted to communicate with the printer.

To do this, use either the “Restricted Server List” feature or an IPsec configuration, on printers that support these features.

How does this work?

Restricting the number of devices that can communicate with the printer limits the devices that can attempt to exploit the vulnerability.

How to obtain updated firmware

To obtain firmware that resolves this issue, or if you have special code, please contact Lexmark’s Technical Support Center to find your local support center.

Exploitation and Public Announcements

Lexmark is not aware of any malicious use of the vulnerability described in this advisory.

Distribution

This advisory is posted on Lexmark’s web site at support.lexmark.com/alerts.

Future updates to this document will be posted on Lexmark’s web site at the same location.

Revision History

| Revision | Date | Reason |
|---|---|---|
| 1.0 | 26 Apr 2010 | Initial public announcement |

Status of this Notice:

This document is provided on an "as is" basis and is provided without any express or implied guarantee or warranty whatsoever, including but not limited to the warranties of merchantability and fitness for a particular use or purpose. Lexmark reserves the right to change or update this document at any time.

Still Need Help?

Please see the contact Lexmark information below for further assistance. NOTE: When calling for support, you will need to know your printer model/machine type and serial number (SN).

Please call from near the printer and a computer in case the technician asks you to perform a task involving one of these devices.

LEGACY ID: TE87
