Thank you for your feedback



PJL Remote Buffer Overflow Security Vulnerability Notification for Lexmark Printers and Multi-Function Printers

Document ID:TE84
 
  Properties  

Problem

PJL remote buffer overflow; Lost printer and copy capability; 900 Service; SIGSEGV; SIGILL;

Solution

PJL Security Vulnerability Table of Contents

 

 

Overview

Lexmark Security Advisory:

      • -Revision: 1.0
      • -Last update: 18 Mar 2010
      • -Public Release Date: 22 Mar 2010

 

Summary of PJL Remote Buffer Overflow Vulnerability

Some Lexmark Laser Printers contain remote buffer overflow vulnerabilities in their PJL
processing functionality. These vulnerabilities could potentially lead to remote code execution,
but no malicious use of this vulnerability is known.

 

 

Reference

CVE: CVE-2010-0619

Vulnerability Scoring Details:

CVSS Base Score 7.3

Exploitability:

Impact:
Access Vector: Network Confidentiality: Complete
Access Complexity:High Integrity: Partial
Authentication: None Availability: Complete

CVSS scores are calculated in accordance with CVSS version 2.0

 

Affected Products


Multiple Lexmark laser printer products, for specific details see “Suggested Firmware/Software Fix"
below.

 

Details

If a specifically crafted PJL command is sent to the printer, it is possible to insert information
onto the stack of the embedded microprocessor.

 


Impact

Successful exploitation of this vulnerability can lead to remote code execution on the affected
printer.


 

Suggested Firmware/Software Fix

Updated firmware or printer base code that removes the vulnerability described in this advisory is available for the
following devices:

 Base Lexmark Model Fixes

Lexmark Models
Affected Releases
Fixed Releases
X94x
LC.BR.P049 and previous
LC.BR.P051HDs and later
X86x
LP.SP.P112 and previous
LP.LP.P311e and later
X85x
LC4.BE.P457 and previous
LC4.BE.P457S and later
X782e
LC2.TO.P305c and previous
LC2.TO.P305cS and later
X772e
LC2.TR.P275 and previous
LC2.TR.P275S and later
X73x
LR.FL.P224b and previous
LR.FL.P311e and later
X65x
LR.MN.P224a and previous
LR.MN.P311e and later
X644 & X646
LC2.MC.P307a and previous
LC2.MC.P307aS and later
X64xef
LC2.TI.P305a and previous
LC2.TI.P305aS and later
X642
LC2.MB.P307b and previous
LC2.MB.P307bS and later
X546
LL.EL.P424 and previous
LL.EL.P429a and later
X543 & X544
LL.EL.P424 and previous
LL.EL.P429a and later
X46x
LR.BS.P224a and previous
LR.BS.P311e and later
X36x
LL.BZ.P424 and previous
LL.BZ.P429a and later
X264
LM1.MT.P110h and previous
LM1.MT.P214 and later
W840
LS.HA.P121 and previous
LS.HA.P121S and later
W850
LP.JB.P108WS and previous
LP.JB.P311e and later
T656
LSJ.SJ.P019 and previous
LSJ.SJ.P019S and later
T650 T652 T654
LR.JP.P224a and previous
LR.JP.P311e and later
T64x
LS.ST.P240 and previous
LS.ST.P240S and later
E462
LR.LBH.P224cWS and previous
LR.LBH.P311e and later
E460
LR.LBH.P224a and previous
LR.LBH.P311e and later
E450
LM.SZ.P113vcREF and previous
LM.SZ.P113vcREs and later
E360dn
LL.LBM.P424 and previous
LL.LBM.P429a and later
E260 E360d
LL.LBL.P424 and previous
LL.LBL.P429a and later
C935dn
LC.JO.P051 and previous
LC.JO.P051S and later
C920
LS.TA.P127 and previous
LS.TA.P127S and later
C78x
LC.IO.P165a and previous
LC.IO.P165aS and later
C77x
LC.CM.P027b and previous
LC.CM.P027bS and later
C73x
LR.SK.P224a and previous
LR.SK.P311e and later
C546
LU.AS.P424 and previous
LU.AS.P429a and later
C540 C543 C544
LL.AS.P424 and previous
LL.AS.P429a and later
C53x
LS.SW.P026avc and previous
LS.SW.P026avcS and later
C52x
LS.FA.P129 and previous
LS.FA.P129S and later

 

 

 

IPDS DLE Versions and Fixes

Lexmark Models
Fixed Releases
X94x
LC.BR.P051HDs1 and later
X86x
LP.LP.P311h and later
X85x
LC4.BE.P457S1 and later
X782e
LC2.TO.P305cS1 and later
X73x
LR.FL.P311h and later
X65x
LR.MN.P311h and later
X644 & X646
LC2.MC.P307aS1 and later
X64xef
LC2.TI.P305aS1 and later
X46x
LR.BS.P311h and later
W840
LS.HA.P225S and later
W850
LP.JB.P311h and later
T656
LSJ.SJ.P019S and later
T650 T652 T654
LR.JP.P311h and later
T64x
LS.ST.P240S1 and later
E462
LR.LBH.P311h and later
E460
LR.LBH.P311h and later
C935dn
LC.JO.P051S1 and later
C920
LS.TA.P127EPs and later
C78x
LC.IO.P165aS1 and later
C77x
LC.CM.P027bS1 and later
C73x
LR.SK.P311h and later

 

 

Forms DLE Versions and Fixes

Lexmark Models
Fixed Releases
X94x
LC.BR.P051HDs1 and later
X86x
LP.LP.P311e and later
X85x
LC4.BE.P457S1 and later
X782e
LC2.TO.P305cS1 and later
X73x
LR.FL.P311e and later
X65x
LR.MN.P311e and later
X644 & X646
LC2.MC.P307aS1 and later
X64xef
LC2.TI.P305aS1 and later
X642
LC2.MB.P307bS1 and later
X46x
LR.BS.P311e and later
W840
LD.HA.FM139s and later
W850
LP.JB.P311e and later
T656
LSJ.SJ.P019S and later
T650 T652 T654
LR.JP.P311e and later
T64x
LD.ST.FM152s and later
E462
LR.LBH.P311e and later
E460
LR.LBH.P311e and later
E450
LM.SZ.P113vcREs1 and later
C935dn
LC.JO.P051S1 and later
C920
LD.TA.FM130s and later
C78x
LC.IO.P165aS1 and later
C77x
LC.CM.P027bS1 and later
C73x
LR.SK.P311e and later
C53x
LS.SW.P026avcS1 and later
C52x
LD.FA.FM131s and later

 

 

 

Barcode DLE Versions and Fixes

Lexmark Models
Fixed Releases
X94x
LC.BR.P051HDs1 and later
X86x
LP.LP.P311e and later
X85x
LC4.BE.P457S1 and later
X782e
LC2.TO.P305cS1 and later
X772e
LC2.TR.P275S1 and later
X73x
LR.FL.P311e and later
X65x
LR.MN.P311e and later
X644 & X646
LC2.MC.P307aS1 and later
X64xef
LC2.TI.P305aS1 and later
X642
LC2.MB.P307bS1 and later
X46x
LR.BS.P311e and later
W840
LD.HA.BC104s and later
W850
LP.JB.P311e and later
T656
LSJ.SJ.P019S and later
T650 T652 T654
LR.JP.P311e and later
T64x
LS.ST.P240S1 and later
E462
LR.LBH.P311e and later
E460
LR.LBH.P311e and later
E450
LM.SZ.P113vcREs1 and later
C935dn
LC.JO.P051S1 and later
C920
LD.TA.BC109s and later
C78x
LC.IO.P165aS1 and later
C77x
LC.CM.P027bS1 and later
C73x
LR.SK.P311e and later
C53x
LS.SW.P026avcS1 and later
C52x
LS.FA.P129S1 and later

 

 

Prescribe DLE Versions and Fixes 

Lexmark Models
Fixed Releases
X94x
LC.BR.P051HDs1 and later
X86x
LP.LP.P311e and later
X85x
LC4.BE.P457S1 and later
X782e
LC2.TO.P305cS1 and later
X73x
LR.FL.P311e and later
X65x
LR.MN.P311e and later
X644 & X646
LC2.MC.P307aS1 and later
X64xef
LC2.TI.P305aS1 and later
X642
LC2.MB.P307bS1 and later
X46x
LR.BS.P311e and later
W840
LS.HA.P121S1 and later
W850
LP.JB.P311e and later
T656
LSJ.SJ.P019S and later
T650 T652 T654
LR.JP.P311e and later
T64x
LS.ST.P240S1 and later
E462
LR.LBH.P311e and later
E460
LR.LBH.P311e and later
C935dn
LC.JO.P051S1 and later
C78x
LC.IO.P165aS1 and later
C77x
LC.CM.P027bS1 and later
C73x
LR.SK.P311e and later

 

 

PrintCryption DLE Versions and Fixes 

Lexmark Models
Fixed Releases
X94x
LC.BR.P051HDs1 and later
X86x
LP.LP.P311e and later
X85x
LC4.BE.P457S1 and later
X73x
LR.FL.P311e and later
X65x
LR.MN.P311e and later
X644 & X646
LC2.MC.P307aS1 and later
X642
LC2.MB.P307bS1 and later
X46x
LR.BS.P311e and later
W840
LS.HA.P236LPCs and later
W850
LP.JB.P311e and later
T656
LSJ.SJ.P019S and later
T650 T652 T654
LR.JP.P311e and later
T64x
LS.ST.P240LPCs and later
E462
LR.LBH.P311e and later
E460
LR.LBH.P311e and later
C935dn
LC.JO.P051S1 and later
C920
LS.TA.P127LPCs and later
C78x
LC.IO.P165aS1 and later
C77x
LC.CM.P027bLPCs and later
C73x
LR.SK.P311e and later
C53x
LS.SW.P027LPCs and later
C52x
LS.FA.P129LPCs and later
 

 

Workarounds

The problem can be mitigated by restricting the network devices that are permitted to communicate with the printer.

To do this:

    • -Limit access to the printer by utilizing either the “Restricted Server List” feature, or IPsec if the printer supports this feature. Hence, by restricting the number of devices that can communicate with the printer, you limit the number of devices that can be exploited by the vulnerability.
    • -Power cycling the printer will remove any injected code, and remove any resulting 900 service error.
    • -Enable automatic HDD wiping on the device to eliminate risk associated to residual job data.


 

 


How to obtain updated firmware

To obtain firmware that resolves this issue or if you have special code, please contact Lexmark’s Technical Support Center to find your local support center. 

 

Exploitation and Public Announcements


Lexmark is not aware of any malicious use of the vulnerability described in this advisory.

Lexmark would like to thank Francis Provencher of Protek Research Labs for bringing this to our attention.

 


Status of this Notice


This document is provided on an "as is" basis and is provided without any express or implied guarantee or warranty whatsoever, including but not limited to the warranties of merchantability and fitness for a particular use or purpose. Lexmark reserves the right to change or update this document at any time.

 

 

Distribution


This advisory is posted on Lexmark’s web site at support.lexmark.com/alerts.
Future updates to this document will be posted on Lexmark’s web site at the same location.

 

 

Revision History

Revision Date Reason
1.0 22-Mar-2010 Initial Public Release

 


Still Need Help?

 

Please see contact information below for further assistance. NOTE: When calling for support, you will need to know your printer model/machine type and serial number (SN).

Please call from near the printer and a computer in case the technician asks you to perform a task involving one of these devices.

 



Link:
Please enter the email address you would like to send a copy of this page to.