CERTA-2006-AVI-380
Vulnerability from certfr_avis - Published: 2006-08-31 - Updated: 2006-08-31None
Description
Deux vulnérabilités ont été découvertes dans certaines imprimantes laser couleur Dell :
- A cause d'une trop grande permissivité dans la commande PORT, le serveur FTP embarqué peut être utilisé comme rebond pour se connecter sur des systèmes tiers ;
- le serveur HTTP embarqué ne demande pas d'authentification pour accéder à la page d'administration de l'imprimante.
Solution
Appliquer les correctifs fournis par l'éditeur (cf. section Documentation).
NoneImpacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Dell Color Laser Printer 3100cn",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Dell Color Laser Printer 5100cn",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Dell Color Laser Printer 3110cn",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Dell Color Laser Printer 3000cn",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Dell Color Laser Printer 5110cn",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Dell Color Laser Printer 3010cn",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans certaines imprimantes laser\ncouleur Dell :\n\n- A cause d\u0027une trop grande permissivit\u00e9 dans la commande PORT, le\n serveur FTP embarqu\u00e9 peut \u00eatre utilis\u00e9 comme rebond pour se\n connecter sur des syst\u00e8mes tiers ;\n- le serveur HTTP embarqu\u00e9 ne demande pas d\u0027authentification pour\n acc\u00e9der \u00e0 la page d\u0027administration de l\u0027imprimante.\n\n## Solution\n\nAppliquer les correctifs fournis par l\u0027\u00e9diteur (cf. section\nDocumentation).\n",
"cves": [
{
"name": "CVE-2006-2113",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2113"
},
{
"name": "CVE-2006-2112",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2112"
}
],
"initial_release_date": "2006-08-31T00:00:00",
"last_revision_date": "2006-08-31T00:00:00",
"links": [
{
"title": "Dell 3000cn :",
"url": "http://ftp.us.dell.com/printer/R132368.EXE"
},
{
"title": "Dell 5100cn :",
"url": "http://ftp.us.dell.com/printer/R132718.EXE"
},
{
"title": "Correctifs de l\u0027\u00e9diteur: Dell 5110cn : \n Dell 3110cn : \n Dell 3010cn : \n Dell 5100cn : \n Dell 3100cn : \n Dell 3000cn :",
"url": "http://ftp.us.dell.com/printer/R132718.EXE"
},
{
"title": "Correctifs de l\u0027\u00e9diteur: Dell 5110cn : \n Dell 3110cn : \n Dell 3010cn : \n Dell 5100cn : \n Dell 3100cn : \n Dell 3000cn :",
"url": "http://ftp.us.dell.com/printer/R130538.EXE"
},
{
"title": "Dell 3110cn :",
"url": "http://ftp.us.dell.com/printer/R130356.EXE"
},
{
"title": "Dell 3010cn :",
"url": "http://ftp.us.dell.com/printer/R132075.EXE"
},
{
"title": "Correctifs de l\u0027\u00e9diteur: Dell 5110cn : \n Dell 3110cn : \n Dell 3010cn : \n Dell 5100cn : \n Dell 3100cn : \n Dell 3000cn :",
"url": "http://ftp.us.dell.com/printer/R132368.EXE"
},
{
"title": "Correctifs de l\u0027\u00e9diteur: Dell 5110cn : \n Dell 3110cn : \n Dell 3010cn : \n Dell 5100cn : \n Dell 3100cn : \n Dell 3000cn :",
"url": "http://ftp.us.dell.com/printer/R130356.EXE"
},
{
"title": "Correctifs de l\u0027\u00e9diteur: Dell 5110cn : \n Dell 3110cn : \n Dell 3010cn : \n Dell 5100cn : \n Dell 3100cn : \n Dell 3000cn :",
"url": "http://ftp.us.dell.com/printer/R132079.EXE"
},
{
"title": "Dell 5110cn :",
"url": "http://ftp.us.dell.com/printer/R130538.EXE"
},
{
"title": "Dell 3100cn :",
"url": "http://ftp.us.dell.com/printer/R132079.EXE"
},
{
"title": "Correctifs de l\u0027\u00e9diteur: Dell 5110cn : \n Dell 3110cn : \n Dell 3010cn : \n Dell 5100cn : \n Dell 3100cn : \n Dell 3000cn :",
"url": "http://ftp.us.dell.com/printer/R132075.EXE"
}
],
"reference": "CERTA-2006-AVI-380",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-08-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": null,
"title": "Multiples vuln\u00e9rabilit\u00e9s des Imprimantes Dell",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 de l\u0027Universit\u00e9 d\u0027Indiana",
"url": "http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…