28249 : Fuji Xerox Printing Systems (FXPS) Print Engine FTP PORT Command Bounce Attack
Printer | http://osvdb.org/28249 | Email This | Edit Vulnerability

Views This Week

Views All Time

141

Info

Last Modified

about 1 year ago

Percent Complete

100%

Disclosure

Aug 24, 2006

Discovery

Apr 11, 2006

Dates

Exploit

Unknown

Solution

Unknown

Keywords

No Keywords

Description

Fuji Xerox Printing Systems (FXPS) Print Engine contains a flaw that may lead to an unauthorized information disclosure. The problem is that the FTP server does not validate IP addresses supplied via the PORT command. It is possible for a remote attacker to establish a connection between the server and an arbitrary port on another system to perform a portscan, which will disclose sensitiv system information resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade the firmware to the latest version available from the vendor, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: disable FTP printing.

Products

Dell	3000cn	A05
		Unknown or Unspecified
	3100cn	A05
		Unknown or Unspecified
	5100cn	A05
		Unknown or Unspecified
	3010cn	A01
		Unknown or Unspecified
	3110cn	A01
		Unknown or Unspecified
	5110cn	A01
		Unknown or Unspecified

References

Bugtraq ID: 19711
CVE ID: 2006-2112 (see also: NVD)
FrSIRT Advisory: 2006
Secunia Advisory ID: 21630 22463
Related OSVDB ID: 28250
ISS X-Force ID: 28637
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2006-q3/0030.html
Vendor Specific Advisory URL: http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
Other Advisory URL: http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
https://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
Packet Storm: http://packetstormsecurity.org/0608-advisories/fuji-xerox.txt
Vendor Specific Solution URL: http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?docid= ......
Vendor URL: http://www.fxpsc.co.jp/en/

Credit

Sean Krulewitch - Indiana University
Nate Johnson - Indiana University

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Keywords

Description

Classification

Solution

Products

Dell

3000cn

3100cn

5100cn

3010cn

3110cn

5110cn

References

Credit

Blogs

Comments