PRL-2010-04

#####################################################################################

Application:   Lexmark Multiple Laser printer Remote Code Execution

Platforms:   Lexmark Multiple Laser printer

Exploitation:   Remote Exploitable

CVE Number:   CVE-2010-0619

Author:   Francis Provencher (Protek Research Lab’s)

Website:   http://www.protekresearchlab.com

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) Products affected
5) The Code

#####################################################################################

=================
1) Introduction
=================

Lexmark specializes in printers and printer accessories. Its current range of products includes color
and monochrome laser printers and inkjet printers, both of which may include scanners
(including all-in-one devices with faxing and copying capabilities and photo printers), and dot matrix printers.
Lexmark was one of the first companies to release wifi inkjet printers and the very first to release printers
with a web-enabled touchscreen, coming in early September of 2009. They also offer a wide variety of laser
printers with software solutions for more professional printing environments.

(Wikipedia)
#####################################################################################

====================
2) Report Timeline
====================

2010-01-06  Vendor Contacted
2010-01-09  Vendor Response
2010-01-09  Vendor requests a PoC
2010-01-10  PoC is sent to the vendor
2010-01-12  Vendor confirms they received the PoC
2010-01-13  Vendor confirms the vulnerability
2010-03-22  Public release of this advisory
#####################################################################################

======================
3) Technical details
======================

Multiple Lexmark Laser Printers contain remote buffer overflow vulnerabilities in their PJL processing
functionality. These vulnerabilities could lead to remote code execution on the printer without authentication.

The device freezes when a specially crafted PJL request with an invalid argument to the PJL INQUIRE command
is sent to the daemon.
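
For defenders who can inspect print traffic before it reaches the device, the following added example (not
part of the original advisory and not the vendor's code) audits a raw PJL payload for INQUIRE commands whose
argument is missing, over-long, or not a plain variable name. The length limit, the argument pattern and the
sample payloads are assumptions constructed for illustration.

```python
import re

UEL = b"\x1b%-12345X"   # PJL Universal Exit Language sequence that frames a job
MAX_ARG_LEN = 64        # assumed policy limit, not a value taken from the advisory
# Assumed shape of a well-formed argument: optional LPARM/IPARM qualifier, then a variable name
VALID_ARG = re.compile(rb"^(?:(?:LPARM|IPARM)\s*:\s*[A-Za-z0-9]+\s+)?[A-Za-z0-9_]+$")


def pjl_lines(stream: bytes):
    """Yield each @PJL command line found in a raw print-job payload."""
    for chunk in stream.replace(UEL, b"\n").split(b"\n"):
        line = chunk.strip(b"\r \t")
        if line[:4].upper() == b"@PJL":
            yield line


def audit_inquire(stream: bytes):
    """Return (reason, argument preview) for every suspicious INQUIRE command."""
    findings = []
    for line in pjl_lines(stream):
        parts = line[4:].strip().split(None, 1)
        if not parts or parts[0].upper() != b"INQUIRE":
            continue                      # other PJL commands are out of scope here
        arg = parts[1].strip() if len(parts) > 1 else b""
        if not arg:
            reason = "missing argument"
        elif len(arg) > MAX_ARG_LEN:
            reason = "argument length %d exceeds %d" % (len(arg), MAX_ARG_LEN)
        elif not VALID_ARG.match(arg):
            reason = "argument is not a plain variable name"
        else:
            continue                      # well-formed INQUIRE, nothing to report
        findings.append((reason, arg[:32]))  # truncate preview to keep alerts small
    return findings


# Constructed sample payloads (not captured traffic and not the advisory's PoC)
BENIGN = UEL + b"@PJL INQUIRE COPIES\r\n@PJL INFO ID\r\n" + UEL
ODD = UEL + b"@PJL INQUIRE " + b"X" * 200 + b"\r\n@PJL INQUIRE \x01\x02\r\n" + UEL

if __name__ == "__main__":
    for name, payload in (("benign", BENIGN), ("odd", ODD)):
        print(name, audit_inquire(payload))
```

The same check can run in a print-server filter or over reassembled packet captures; tune MAX_ARG_LEN to the
longest variable name seen in legitimate jobs on the network.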

#####################################################################################

=============
4) PoC
=============

Here

###############################################################################