Fuji Xerox Printing Systems (FXPS) Print Engine FTP PORT Command Bounce Attack

2006-08-24T11:33:49
ID OSVDB:28249
Type osvdb
Reporter Nate Johnson(), Sean Krulewitch()
Modified 2006-08-24T11:33:49

Description

Vulnerability Description

Fuji Xerox Printing Systems (FXPS) Print Engine contains a flaw that may lead to an unauthorized information disclosure. The problem is that the FTP server does not validate IP addresses supplied via the PORT command. It is possible for a remote attacker to establish a connection between the server and an arbitrary port on another system to perform a portscan, which will disclose sensitiv system information resulting in a loss of confidentiality.

Solution Description

Upgrade the firmware to the latest version available from the vendor, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: disable FTP printing.

Short Description

Fuji Xerox Printing Systems (FXPS) Print Engine contains a flaw that may lead to an unauthorized information disclosure. The problem is that the FTP server does not validate IP addresses supplied via the PORT command. It is possible for a remote attacker to establish a connection between the server and an arbitrary port on another system to perform a portscan, which will disclose sensitiv system information resulting in a loss of confidentiality.

References:

Vendor URL: http://www.fxpsc.co.jp/en/ Vendor Specific Solution URL: http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?docid=1C28DAC7B37DFEF0E0401E0A55171735&c=us&l=en&s=gen Vendor Specific Advisory URL Secunia Advisory ID:21630 Secunia Advisory ID:22463 Related OSVDB ID: 28250 Packet Storm: http://packetstormsecurity.org/0608-advisories/fuji-xerox.txt Other Advisory URL: https://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities Other Advisory URL: http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2006-q3/0030.html ISS X-Force ID: 28637 FrSIRT Advisory: 2006-3401 CVE-2006-2112 Bugtraq ID: 19711