CVE-2006-2112
CVSS 7.5
Published: 2006-08-24 21:04:00
Last modified: 2016-10-17 23:39:39

[Original] Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted.


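[CNNVD] Fuji Xerox Printing System FTP Bounce Attack Vulnerability (CNNVD-200608-407)

        The Fuji Xerox Printing Systems (FXPS) print engine, when used in the following software: (1) Dell 3000cn through 5110cn, and (2) Fuji Xerox DocuPrint hardware before version 20060628 and Network Option Card hardware before version 5.13, allows remote attackers to use the FTP printing interface as a proxy server ("FTP bounce attack") by using arbitrary PORT arguments to connect to systems to which direct access is restricted.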

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CWE (Weakness Category)

CWE-264 [Permissions, Privileges, and Access Controls]

- CPE (Affected Platforms and Products)

cpe:/h:fuji_xerox:phaser_6201j
cpe:/h:fuji_xerox:docuprint_c525a_network_option_card
cpe:/h:fuji_xerox:docuprint_181
cpe:/h:dell:5110cn Dell 5110cn
cpe:/h:dell:5100cn Dell 5100cn
cpe:/h:fuji_xerox:docuprint_c525a
cpe:/h:dell:3110cn Dell 3110cn
cpe:/h:fuji_xerox:docuprint_211
cpe:/h:fuji_xerox:docuprint_211_network_option_card
cpe:/h:fuji_xerox:docuprint_c1616_network_option_card
cpe:/h:dell:3100cn Dell 3100cn
cpe:/h:fuji_xerox:docuprint_c2535a
cpe:/h:dell:3010cn Dell 3010cn
cpe:/h:fuji_xerox:fuji_xerox_printing_systems_print_engine
cpe:/h:fuji_xerox:docuprint_c1616
cpe:/h:dell:3000cn Dell 3000cn
cpe:/h:fuji_xerox:docuprint_181_network_option_card
cpe:/h:fuji_xerox:docuprint_c830_network_option_card
cpe:/h:fuji_xerox:docuprint_c830

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2112
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2112
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200608-407
(Official data source) CNNVD

- Other Links and Resources

http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
(PATCH)  MISC  http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
http://marc.info/?l=bugtraq&m=115652437223454&w=2
(UNKNOWN)  BUGTRAQ  20060825 Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilitie
http://www.securityfocus.com/archive/1/archive/1/444321/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060825 Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilities
http://www.securityfocus.com/bid/19711
(UNKNOWN)  BID  19711
http://www.vupen.com/english/advisories/2006/3401
(VENDOR_ADVISORY)  VUPEN  ADV-2006-3401
http://xforce.iss.net/xforce/xfdb/28637
(UNKNOWN)  XF  fxps-port-security-bypass(28637)

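- Vulnerability Information

Fuji Xerox Printing System FTP Bounce Attack Vulnerability
High risk  Design error
2006-08-24 00:00:00 2006-10-30 00:00:00
Remote
        The Fuji Xerox Printing Systems (FXPS) print engine, when used in the following software: (1) Dell 3000cn through 5110cn, and (2) Fuji Xerox DocuPrint hardware before version 20060628 and Network Option Card hardware before version 5.13, allows remote attackers to use the FTP printing interface as a proxy server ("FTP bounce attack") by using arbitrary PORT arguments to connect to systems to which direct access is restricted.

- Advisories and Patches

        The vendor has released upgrade patches to fix this security issue. Patch download links: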
        Fuji Xerox Printing Systems Co. DocuPrint C830 0
        Fuji Xerox Printing Systems Co. C83F0607.EXE
        http://download.fujixerox.co.jp/docuprint_c/download/830/fw.html
        Fuji Xerox Printing Systems Co. Phaser 6201J 0
        Fuji Xerox Printing Systems Co. 6201N513.EXE
        http://www.fxpsc.co.jp/download/fw/fw_6201.html
        Fuji Xerox Printing Systems Co. DocuPrint C525A Network Option Card 0
        Fuji Xerox Printing Systems Co. N5250817.EXE
        http://download.fujixerox.co.jp/docuprint_c/download/525a/nic_fw.html
        Fuji Xerox Printing Systems Co. DocuPrint C1616 0
        Fuji Xerox Printing Systems Co. C16F0607.EXE
        http://download.fujixerox.co.jp/docuprint_c/download/1616/fw.html
        Fuji Xerox Printing Systems Co. DocuPrint 181 0
        Fuji Xerox Printing Systems Co. 181F0607.EXE
        http://download.fujixerox.co.jp/docuprint/download/211series/181_firm.html
        Fuji Xerox Printing Systems Co. DocuPrint C525A 0
        Fuji Xerox Printing Systems Co. C5250614.EXE
        http://download.fujixerox.co.jp/docuprint_c/download/525a/fw.html
        Fuji Xerox Printing Systems Co. DocuPrint 211 0
        Fuji Xerox Printing Systems Co. 211F0607.EXE
        http://download.fujixerox.co.jp/docuprint/download/211series/211_firm.html
        Fuji Xerox Printing Systems Co. DocuPrint C830 Network Option Card 0
        Fuji Xerox Printing Systems Co. C83N513.EXE
        http://download.fujixerox.co.jp/docuprint_c/download/830/nic_fw.html
        

- Vulnerability Information (F49473)

fuji-xerox.txt (PacketStormID:F49473)
2006-08-28 00:00:00
 
advisory,web,vulnerability
CVE-2006-2112,CVE-2006-2113

Indiana University Security Advisory - The Fuji Xerox Printing Systems print engine suffers from multiple vulnerabilities. An FTP bounce attack is possible when FTP printing is enabled. The embedded HTTP server allows unauthenticated access to system configuration and settings.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Indiana University Security Advisory: 
Fuji Xerox Printing Systems (FXPS)[1] print engine vulnerabilities

Advisory ID:
20060824_FXPS_Print_Engine_Vulnerabilities[2]

Revisions:
08-24-2006 2350 UTC	1.0	Initial Public Release

Issues:
FTP bounce attack is possible when FTP printing is enabled
(CVE-2006-2112)[3]

Embedded HTTP server allows unauthenticated access to system
configuration and settings (CVE-2006-2113)[4]

Credit/acknowledgement:
CVE-2006-2112
Date of discovery: 04-11-2006
Nate Johnson, Lead Security Engineer, Indiana University
Sean Krulewitch, Deputy IT Security Officer, Indiana University

CVE-2006-2113
Date of discovery: 04-11-2006
Sean Krulewitch, Deputy IT Security Officer, Indiana University

Summary:
Certain FXPS print engines contain vulnerabilities that allow a remote
attacker to perform FTP bounce attacks through the FTP printing
interface or allow unauthenticated access to the embedded HTTP remote
user interface.  The first vulnerability is due to a failure to restrict
the connections made by the FTP PORT command.  This allows an attacker
to cause the FTP server to make arbitrary connections to ports on
another system, which can be used to bypass access controls and hide the
true identity of the source of the attacker's traffic.  The second
vulnerability is due to a failure to properly authenticate HTTP
requests.  Specially constructed HTTP requests allow an attacker to make
unauthorized changes to system configuration and settings, and can also
be used to cause a denial of service against a vulnerable print server.
A successful attacker would be able to reset the administrator password
but would not be capable of exposing the current password.

Mitigation/workarounds:
Disabling FTP printing prevents the FTP bounce attack.  Disabling the
embedded web server prevents the DoS/unauthorized configuration change
attack.  Best practice suggests that access controls and network
firewall policies be put into place to only allow connections from
trusted machines and networks.

Criticality:
These vulnerabilities have a combined risk of moderately critical.

Products affected:
Dell 5110cn, firmware versions less than A01 [5]
Dell 3110cn, firmware versions less than A01 [6]
Dell 3010cn, firmware versions less than A01 [7]
Dell 5100cn, firmware versions less than A05 [8]
Dell 3100cn, firmware versions less than A05 [9]
Dell 3000cn, firmware versions less than A05 [10]
Other OEM products using the affected FXPS print engine

Recommended steps:
Apply vendor patches and disable remote protocols that are not
necessary.  

Footnotes:
[1]	http://www.fxpsc.co.jp/en/
[2]	https://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
[3]	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2112
[4]	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2113
[5]	http://ftp.us.dell.com/printer/R130538.EXE
[6]	http://ftp.us.dell.com/printer/R130356.EXE
[7]	http://ftp.us.dell.com/printer/R132075.EXE
[8]	http://ftp.us.dell.com/printer/R132718.EXE
[9]	http://ftp.us.dell.com/printer/R132079.EXE
[10]	http://ftp.us.dell.com/printer/R132368.EXE

All contents are Copyright 2006 The Trustees of Indiana University. All
rights reserved.

- -- 
Sean Krulewitch, Deputy IT Security Officer
IT Security Office, Office of the VP for Information Technology
Indiana University
For PGP Key or S/MIME cert:  https://www.itso.iu.edu/Sean_Krulewitch

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQA/AwUBRO46FTOEdAVfeKEbEQKc+ACeNvyfI5+GXspTdx32rSxH+WHfXW8AoKPe
AJYb0WM59jddPs4cSXaZOyQq
=Y7Kv
-----END PGP SIGNATURE-----
    

- Vulnerability Information

28249
Fuji Xerox Printing Systems (FXPS) Print Engine FTP PORT Command Port Scan Bounce Weakness
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- Vulnerability Description

Fuji Xerox Printing Systems (FXPS) contains a flaw that may lead to an information disclosure. The problem is that the FTP server does not validate IP addresses supplied via the PORT command while in passive (PASV) mode. It is possible for a remote attacker to establish a connection between the FTP server and an arbitrary port on a third-party system, essentially conducting a port-scan. This can be used to obscure the source of the port-scan, as well as scan internal systems that may be protected by a screening device.
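
The missing server-side check, sketched as an added example (not code from the advisory or the vendor firmware): the PORT argument is decoded and refused unless its address equals the control-connection peer and its port is 1024 or higher, the port refusal following the 504 reply suggested in RFC 2577. The function names, the reply code used for a third-party address and the sample addresses are assumptions of this example.

```python
import ipaddress

def parse_port_arg(arg):
    """Decode an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs six comma-separated fields")
    nums = []
    for f in fields:
        # Only plain decimal octets 0-255; rejects signs, blanks, overlong values.
        if not (f.isascii() and f.isdigit()) or int(f) > 255:
            raise ValueError(f"bad PORT field {f!r}")
        nums.append(int(f))
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def check_port_command(client_ip, arg, min_port=1024):
    """Return (reply_code, reason) for a PORT command on a control connection
    whose TCP peer is client_ip. Reply codes are this example's choice."""
    try:
        ip, port = parse_port_arg(arg)
    except ValueError as exc:
        return 501, str(exc)
    if ip != ipaddress.IPv4Address(client_ip):
        return 504, f"data address {ip} is not the control-connection peer"
    if port < min_port:
        return 504, f"port {port} is below {min_port}"
    return 200, "PORT accepted"

# Constructed sample: (control-connection peer, PORT argument).
SAMPLE = [
    ("192.0.2.10", "192,0,2,10,195,80"),   # client's own address, port 50000
    ("192.0.2.10", "10,0,0,5,0,22"),       # third-party host: bounce attempt
    ("192.0.2.10", "192,0,2,10,0,25"),     # own address but reserved port
    ("192.0.2.10", "192,0,2,10,300,1"),    # malformed field
]

def audit(sample=SAMPLE):
    """Reply code a bounce-resistant server would give for each sample entry."""
    return [check_port_command(peer, arg)[0] for peer, arg in sample]

if __name__ == "__main__":
    for (peer, arg), code in zip(SAMPLE, audit()):
        print(f"{peer:12} PORT {arg:22} -> {code}")
```

The same comparison can be run over FTP control-channel logs from a print server to spot PORT commands that name an address other than the logged client.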

- Timeline

2006-08-24 2006-04-11
Unknown Unknown

- Solution

Upgrade the firmware to the latest version available from the vendor, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: disable FTP printing.

- Related References

- Vulnerability Author

- Vulnerability Information

Fuji Xerox Printing Systems Print Engine FTP Bounce Vulnerability
Design Error 19711
Yes No
2006-08-25 12:00:00 2006-10-13 09:49:00
Nate Johnson and Sean Krulewitch are credited with discovering this vulnerability.

- Affected Program Versions

Fuji Xerox Printing Systems Co. Phaser 6201J 0
Fuji Xerox Printing Systems Co. FXPS Print Engine (OEM) 0
Fuji Xerox Printing Systems Co. DocuPrint C830 Network Option Card 0
Fuji Xerox Printing Systems Co. DocuPrint C830 0
Fuji Xerox Printing Systems Co. DocuPrint C525A Network Option Card 0
Fuji Xerox Printing Systems Co. DocuPrint C525A 0
Fuji Xerox Printing Systems Co. DocuPrint C2535A 0
Fuji Xerox Printing Systems Co. DocuPrint C1616 Network Option Card 0
Fuji Xerox Printing Systems Co. DocuPrint C1616 0
Fuji Xerox Printing Systems Co. DocuPrint 211 Network Option Card 0
Fuji Xerox Printing Systems Co. DocuPrint 211 0
Fuji Xerox Printing Systems Co. DocuPrint 181 Network Option Card 0
Fuji Xerox Printing Systems Co. DocuPrint 181 0
Dell 5110cn 0
Dell 5100cn 0
Dell 3110cn 0
Dell 3100cn 0
Dell 3010cn 0
Dell 3000cn 0
Fuji Xerox Printing Systems Co. Phaser 6201J 5.13
Fuji Xerox Printing Systems Co. DocuPrint C830 Network Option Card 5.13
Fuji Xerox Printing Systems Co. DocuPrint C525A Network Option Card 8.17
Fuji Xerox Printing Systems Co. DocuPrint C1616 Network Option Card 5.13
Fuji Xerox Printing Systems Co. DocuPrint 211 Network Option Card 5.13
Fuji Xerox Printing Systems Co. DocuPrint 181 Network Option Card 5.13
Dell 5110cn A01
Dell 5100cn A05
Dell 3110cn A01
Dell 3100cn A05
Dell 3010cn A01
Dell 3000cn A05

- Unaffected Program Versions

Fuji Xerox Printing Systems Co. Phaser 6201J 5.13
Fuji Xerox Printing Systems Co. DocuPrint C830 Network Option Card 5.13
Fuji Xerox Printing Systems Co. DocuPrint C525A Network Option Card 8.17
Fuji Xerox Printing Systems Co. DocuPrint C1616 Network Option Card 5.13
Fuji Xerox Printing Systems Co. DocuPrint 211 Network Option Card 5.13
Fuji Xerox Printing Systems Co. DocuPrint 181 Network Option Card 5.13
Dell 5110cn A01
Dell 5100cn A05
Dell 3110cn A01
Dell 3100cn A05
Dell 3010cn A01
Dell 3000cn A05

- Vulnerability Discussion

FXPS print engine is affected by an FTP-Bounce issue that can allow remote attackers to establish a connection between the FTP server and an arbitrary port on another computer.

This could result in the proxying of arbitrary requests by a user through the system using the vulnerable FTP print server.

Successful exploits may allow an attacker to make connections to arbitrary hosts and generate traffic with the identity of the vulnerable FTP print server. As a result, this may allow the attacker to bypass access controls and security restrictions by masking the original source of the attacker's traffic.

- Exploit

An attacker uses standard network tools to exploit this issue.

- Solution

The vendor has released updated firmware to address this issue.

Please see the references for more information.


Fuji Xerox Printing Systems Co. DocuPrint C830 0

Fuji Xerox Printing Systems Co. Phaser 6201J 0

Fuji Xerox Printing Systems Co. DocuPrint C525A Network Option Card 0

Fuji Xerox Printing Systems Co. DocuPrint C1616 0

Fuji Xerox Printing Systems Co. DocuPrint 181 0

Fuji Xerox Printing Systems Co. DocuPrint C525A 0

Fuji Xerox Printing Systems Co. DocuPrint 211 0

Fuji Xerox Printing Systems Co. DocuPrint C830 Network Option Card 0

- Related References

 

 
