VAR-200608-0045
Vulnerability from variot - Updated: 2025-04-03 22:25
Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted. This could result in the proxying of arbitrary requests by a user through the system using the vulnerable FTP print server. Successful exploits may allow an attacker to make connections to arbitrary hosts and generate traffic with the identity of the vulnerable FTP print server. As a result, this may allow the attacker to bypass access controls and security restrictions by masking the original source of the attacker's traffic.
TITLE: Dell Color Laser Printers Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA21630
VERIFY ADVISORY: http://secunia.com/advisories/21630/
CRITICAL: Less critical
IMPACT: Security Bypass, DoS
WHERE: From local network
OPERATING SYSTEM:
Dell Color Laser Printer 5110cn http://secunia.com/product/11721/
Dell Color Laser Printer 5100cn http://secunia.com/product/11733/
Dell Color Laser Printer 3110cn http://secunia.com/product/11734/
Dell Color Laser Printer 3100cn http://secunia.com/product/11736/
Dell Color Laser Printer 3010cn http://secunia.com/product/11735/
Dell Color Laser Printer 3000cn http://secunia.com/product/11737/
DESCRIPTION: Some vulnerabilities have been reported in various Dell Color Laser Printers, which can be exploited by malicious people to bypass certain security restrictions or to cause a DoS (Denial of Service).
1) The embedded FTP server does not restrict the use of the FTP PORT command.
2) The embedded HTTP server does not authenticate certain HTTP requests correctly. This can be exploited to make unauthorized changes to the system configuration or to cause a DoS.
The vulnerability has been reported in Dell 5110cn, Dell 3110cn, and Dell 3010cn with firmware versions prior to A01 and in Dell 5100cn, Dell 3100cn, and Dell 3000cn with firmware versions prior to A05.
NOTE: Other products using the Fuji Xerox Printing Engine may also be affected.
SOLUTION: Apply patches.
Dell 5110cn (firmware versions prior to A01): http://ftp.us.dell.com/printer/R130538.EXE
Dell 3110cn (firmware versions prior to A01): http://ftp.us.dell.com/printer/R130356.EXE
Dell 3010cn (firmware versions prior to A01): http://ftp.us.dell.com/printer/R132075.EXE
Dell 5100cn (firmware versions prior to A05): http://ftp.us.dell.com/printer/R132718.EXE
Dell 3100cn (firmware versions prior to A05): http://ftp.us.dell.com/printer/R132079.EXE
Dell 3000cn (firmware versions prior to A05): http://ftp.us.dell.com/printer/R132368.EXE
PROVIDED AND/OR DISCOVERED BY: Nate Johnson and Sean Krulewitch, Indiana University.
ORIGINAL ADVISORY: https://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS)[1] print engine vulnerabilities
Advisory ID: 20060824_FXPS_Print_Engine_Vulnerabilities[2]
Revisions: 08-24-2006 2350 UTC 1.0 Initial Public Release
Issues: FTP bounce attack is possible when FTP printing is enabled (CVE-2006-2112)[3]
Embedded HTTP server allows unauthenticated access to system configuration and settings (CVE-2006-2113)[4]
Credit/acknowledgement:
CVE-2006-2112 Date of discovery: 04-11-2006
Nate Johnson, Lead Security Engineer, Indiana University
Sean Krulewitch, Deputy IT Security Officer, Indiana University
CVE-2006-2113 Date of discovery: 04-11-2006
Sean Krulewitch, Deputy IT Security Officer, Indiana University
Summary: Certain FXPS print engines contain vulnerabilities that allow a remote attacker to perform FTP bounce attacks through the FTP printing interface or allow unauthenticated access to the embedded HTTP remote user interface. A successful attacker would be able to reset the administrator password but would not be capable of exposing the current password.
Mitigation/workarounds: Disabling FTP printing prevents the FTP bounce attack. Disabling the embedded web server prevents the DoS/unauthorized configuration change attack. Best practice suggests that access controls and network firewall policies be put into place to only allow connections from trusted machines and networks.
Criticality: These vulnerabilities have a combined risk of moderately critical.
Footnotes:
[1] http://www.fxpsc.co.jp/en/
[2] https://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2112
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2113
[5] http://ftp.us.dell.com/printer/R130538.EXE
[6] http://ftp.us.dell.com/printer/R130356.EXE
[7] http://ftp.us.dell.com/printer/R132075.EXE
[8] http://ftp.us.dell.com/printer/R132718.EXE
[9] http://ftp.us.dell.com/printer/R132079.EXE
[10] http://ftp.us.dell.com/printer/R132368.EXE
All contents are Copyright 2006 The Trustees of Indiana University. All rights reserved.
Sean Krulewitch, Deputy IT Security Officer
IT Security Office, Office of the VP for Information Technology
Indiana University
For PGP Key or S/MIME cert: https://www.itso.iu.edu/Sean_Krulewitch
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200608-0045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3100cn",
"scope": null,
"trust": 1.4,
"vendor": "dell",
"version": null
},
{
"model": "3110cn",
"scope": null,
"trust": 1.4,
"vendor": "dell",
"version": null
},
{
"model": "5100cn",
"scope": null,
"trust": 1.4,
"vendor": "dell",
"version": null
},
{
"model": "5110cn",
"scope": null,
"trust": 1.4,
"vendor": "dell",
"version": null
},
{
"model": "5100cn",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "*"
},
{
"model": "docuprint c830 network option card",
"scope": "eq",
"trust": 1.0,
"vendor": "fuji xerox",
"version": "*"
},
{
"model": "docuprint 211",
"scope": "eq",
"trust": 1.0,
"vendor": "fuji xerox",
"version": "*"
},
{
"model": "phaser 6201j",
"scope": "eq",
"trust": 1.0,
"vendor": "fuji xerox",
"version": "*"
},
{
"model": "docuprint 181 network option card",
"scope": "eq",
"trust": 1.0,
"vendor": "fuji xerox",
"version": "*"
},
{
"model": "docuprint c525a network option card",
"scope": "eq",
"trust": 1.0,
"vendor": "fuji xerox",
"version": "*"
},
{
"model": "3110cn",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "*"
},
{
"model": "docuprint 181",
"scope": "eq",
"trust": 1.0,
"vendor": "fuji xerox",
"version": "*"
},
{
"model": "docuprint c1616 network option card",
"scope": "eq",
"trust": 1.0,
"vendor": "fuji xerox",
"version": "*"
},
{
"model": "docuprint c830",
"scope": "eq",
"trust": 1.0,
"vendor": "fuji xerox",
"version": "*"
},
{
"model": "docuprint 211 network option card",
"scope": "eq",
"trust": 1.0,
"vendor": "fuji xerox",
"version": "*"
},
{
"model": "3010cn",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "*"
},
{
"model": "5110cn",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "*"
},
{
"model": "printing systems print engine",
"scope": "eq",
"trust": 1.0,
"vendor": "fuji xerox",
"version": "*"
},
{
"model": "docuprint c525a",
"scope": "eq",
"trust": 1.0,
"vendor": "fuji xerox",
"version": "*"
},
{
"model": "3000cn",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "*"
},
{
"model": "docuprint c1616",
"scope": "eq",
"trust": 1.0,
"vendor": "fuji xerox",
"version": "*"
},
{
"model": "docuprint c2535a",
"scope": "eq",
"trust": 1.0,
"vendor": "fuji xerox",
"version": "*"
},
{
"model": "3100cn",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "*"
},
{
"model": "3000cn",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": "3010cn",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": "docuprint",
"scope": "lt",
"trust": 0.8,
"vendor": "fuji xerox",
"version": "firmware 20060628"
},
{
"model": "docuprint",
"scope": "lt",
"trust": 0.8,
"vendor": "fuji xerox",
"version": "and network option card firmware 5.13"
},
{
"model": "3110cn a01",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "xerox printing systems co. docuprint c2535a",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "0"
},
{
"model": "5100cn",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "3110cn",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "3100cn a05",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "xerox printing systems co. docuprint",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "1810"
},
{
"model": "xerox printing systems co. docuprint c525a network option card",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "0"
},
{
"model": "3000cn",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "5110cn a01",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "3000cn a05",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "xerox printing systems co. docuprint c525a",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "0"
},
{
"model": "xerox printing systems co. docuprint",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "2110"
},
{
"model": "xerox printing systems co. docuprint network option card",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "1810"
},
{
"model": "3100cn",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "5100cn a05",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "xerox printing systems co. docuprint c525a network option card",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "8.17"
},
{
"model": "xerox printing systems co. docuprint network option card",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "2115.13"
},
{
"model": "3010cn",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "5110cn",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "xerox printing systems co. docuprint network option card",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "2110"
},
{
"model": "xerox printing systems co. docuprint c1616",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "0"
},
{
"model": "xerox printing systems co. fxps print engine",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "0"
},
{
"model": "xerox printing systems co. docuprint c1616 network option card",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "0"
},
{
"model": "xerox printing systems co. docuprint c830 network option card",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "5.13"
},
{
"model": "3010cn a01",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "xerox printing systems co. docuprint c1616 network option card",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "5.13"
},
{
"model": "xerox printing systems co. docuprint c830 network option card",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "0"
},
{
"model": "xerox printing systems co. phaser 6201j",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "0"
},
{
"model": "xerox printing systems co. docuprint c830",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "0"
},
{
"model": "xerox printing systems co. docuprint network option card",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "1815.13"
},
{
"model": "xerox printing systems co. phaser 6201j",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "5.13"
}
],
"sources": [
{
"db": "BID",
"id": "19711"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001007"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-407"
},
{
"db": "NVD",
"id": "CVE-2006-2112"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:dell:3000cn",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:3010cn",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:3100cn",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:3110cn",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:5100cn",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:5110cn",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fuji_xerox:docuprint",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001007"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nate Johnson and Sean Krulewitch are credited with discovering this vulnerability.",
"sources": [
{
"db": "BID",
"id": "19711"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-407"
}
],
"trust": 0.9
},
"cve": "CVE-2006-2112",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-2112",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-18220",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-2112",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2006-2112",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200608-407",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-18220",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18220"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001007"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-407"
},
{
"db": "NVD",
"id": "CVE-2006-2112"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy (\"FTP bounce\") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted. \nThis could result in the proxying of arbitrary requests by a user through the system using the vulnerable FTP print server. \nSuccessful exploits may allow an attacker to make connections to arbitrary hosts and generate traffic with the identity of the vulnerable FTP print server. As a result, this may allow the attacker to bypass access controls and security restrictions by masking the original source of the attacker\u0027s traffic. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. 
\n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nDell Color Laser Printers Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA21630\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21630/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, DoS\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nDell Color Laser Printer 5110cn\nhttp://secunia.com/product/11721/\nDell Color Laser Printer 5100cn\nhttp://secunia.com/product/11733/\nDell Color Laser Printer 3110cn\nhttp://secunia.com/product/11734/\nDell Color Laser Printer 3100cn\nhttp://secunia.com/product/11736/\nDell Color Laser Printer 3010cn\nhttp://secunia.com/product/11735/\nDell Color Laser Printer 3000cn\nhttp://secunia.com/product/11737/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in various Dell Color Laser\nPrinters, which can be exploited by malicious people to bypass\ncertain security restrictions or to cause a DoS (Denial of Service). \n\n1) The embedded FTP server does not restrict the use of the FTP PORT\ncommand. \n\n2) The embedded HTTP server does not authenticate certain HTTP\nrequests correctly. This can be exploited to make unauthorized\nchanges to the system configuration or to cause a DoS. \n\nThe vulnerability has been reported in Dell 5110cn, Dell 3110cn, and\nDell 3010cn with firmware versions prior to A01 and in Dell 5100cn,\nDell 3100cn, and Dell 3000cn with firmware versions prior to A05. \n\nNOTE: Other products using the Fuji Xerox Printing Engine may also be\naffected. \n\nSOLUTION:\nApply patches. 
\n\nDell 5110cn (firmware versions prior to A01):\nhttp://ftp.us.dell.com/printer/R130538.EXE\n\nDell 3110cn (firmware versions prior to A01):\nhttp://ftp.us.dell.com/printer/R130356.EXE\n\nDell 3010cn (firmware versions prior to A01):\nhttp://ftp.us.dell.com/printer/R132075.EXE\n\nDell 5100cn (firmware versions prior to A05):\nhttp://ftp.us.dell.com/printer/R132718.EXE\n\nDell 3100cn (firmware versions prior to A05):\nhttp://ftp.us.dell.com/printer/R132079.EXE\n\nDell 3000cn (firmware versions prior to A05):\nhttp://ftp.us.dell.com/printer/R132368.EXE\n\nPROVIDED AND/OR DISCOVERED BY:\nNate Johnson and Sean Krulewitch, Indiana University. \n\nORIGINAL ADVISORY:\nhttps://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nPROVIDED AND/OR DISCOVERED BY:\nNate Johnson and Sean Krulewitch, Indiana University. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nIndiana University Security Advisory: \nFuji Xerox Printing Systems (FXPS)[1] print engine vulnerabilities\n\nAdvisory ID:\n20060824_FXPS_Print_Engine_Vulnerabilities[2]\n\nRevisions:\n08-24-2006 2350 UTC\t1.0\tInitial Public Release\n\nIssues:\nFTP bounce attack is possible when FTP printing is enabled\n(CVE-2006-2112)[3]\n\nEmbedded HTTP server allows unauthenticated access to system\nconfiguration and settings (CVE-2006-2113)[4]\n\nCredit/acknowledgement:\nCVE-2006-2112\nDate of discovery: 04-11-2006\nNate Johnson, Lead Security Engineer, Indiana University\nSean Krulewitch, Deputy IT Security Officer, Indiana University\n\nCVE-2006-2113\nDate of discovery: 04-11-2006\nSean Krulewitch, Deputy IT Security Officer, Indiana University\n\nSummary:\nCertain FXPS print engines contain vulnerabilities that allow a remote\nattacker to perform FTP bounce attacks through the FTP printing\ninterface or allow unauthenticated access to the embedded HTTP remote\nuser interface. \nA successful attacker would be able to reset the administrator password\nbut would not be capable of exposing the current password. \n\nMitigation/workarounds:\nDisabling FTP printing prevents the FTP bounce attack. Disabling the\nembedded web server prevents the DoS/unauthorized configuration change\nattack. Best practice suggests that access controls and network\nfirewall policies be put into place to only allow connections from\ntrusted machines and networks. \n\nCriticality:\nThese vulnerabilities have a combined risk of moderately critical. 
\n\nFootnotes:\n[1]\thttp://www.fxpsc.co.jp/en/\n[2]\thttps://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities\n[3]\thttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2112\n[4]\thttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2113\n[5]\thttp://ftp.us.dell.com/printer/R130538.EXE\n[6]\thttp://ftp.us.dell.com/printer/R130356.EXE\n[7]\thttp://ftp.us.dell.com/printer/R132075.EXE\n[8]\thttp://ftp.us.dell.com/printer/R132718.EXE\n[9]\thttp://ftp.us.dell.com/printer/R132079.EXE\n[10]\thttp://ftp.us.dell.com/printer/R132368.EXE\n\nAll contents are Copyright 2006 The Trustees of Indiana University. All\nrights reserved. \n\n- -- \nSean Krulewitch, Deputy IT Security Officer\nIT Security Office, Office of the VP for Information Technology\nIndiana University\nFor PGP Key or S/MIME cert: https://www.itso.iu.edu/Sean_Krulewitch\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.0.6 (Build 6060)\n\niQA/AwUBRO46FTOEdAVfeKEbEQKc+ACeNvyfI5+GXspTdx32rSxH+WHfXW8AoKPe\nAJYb0WM59jddPs4cSXaZOyQq\n=Y7Kv\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2112"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001007"
},
{
"db": "BID",
"id": "19711"
},
{
"db": "VULHUB",
"id": "VHN-18220"
},
{
"db": "PACKETSTORM",
"id": "49519"
},
{
"db": "PACKETSTORM",
"id": "50964"
},
{
"db": "PACKETSTORM",
"id": "49473"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-18220",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18220"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-2112",
"trust": 2.9
},
{
"db": "BID",
"id": "19711",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "22463",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "21630",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2006-3401",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "28249",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001007",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200608-407",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060825 INDIANA UNIVERSITY SECURITY ADVISORY: FUJI XEROX PRINTING SYSTEMS (FXPS) PRINT ENGINE VULNERABILITIE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060825 INDIANA UNIVERSITY SECURITY ADVISORY: FUJI XEROX PRINTING SYSTEMS (FXPS) PRINT ENGINE VULNERABILITIES",
"trust": 0.6
},
{
"db": "XF",
"id": "28637",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "49473",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-18220",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "49519",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50964",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18220"
},
{
"db": "BID",
"id": "19711"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001007"
},
{
"db": "PACKETSTORM",
"id": "49519"
},
{
"db": "PACKETSTORM",
"id": "50964"
},
{
"db": "PACKETSTORM",
"id": "49473"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-407"
},
{
"db": "NVD",
"id": "CVE-2006-2112"
}
]
},
"id": "VAR-200608-0045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-18220"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:25:57.664000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dell.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.fxpsc.co.jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001007"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18220"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001007"
},
{
"db": "NVD",
"id": "CVE-2006-2112"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://itso.iu.edu/20060824_fxps_print_engine_vulnerabilities"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19711"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/28249"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21630"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/22463"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/444321/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3401"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28637"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=115652437223454\u0026w=2"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2112"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2112"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28637"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/444321/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3401"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=115652437223454\u0026w=2"
},
{
"trust": 0.4,
"url": "http://www.fxpsc.co.jp/en/"
},
{
"trust": 0.3,
"url": "http://dell.com"
},
{
"trust": 0.3,
"url": "/archive/1/444321"
},
{
"trust": 0.2,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.2,
"url": "http://ftp.us.dell.com/printer/r132718.exe"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/21630/"
},
{
"trust": 0.2,
"url": "http://ftp.us.dell.com/printer/r130356.exe"
},
{
"trust": 0.2,
"url": "http://ftp.us.dell.com/printer/r132079.exe"
},
{
"trust": 0.2,
"url": "http://ftp.us.dell.com/printer/r132368.exe"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://ftp.us.dell.com/printer/r130538.exe"
},
{
"trust": 0.2,
"url": "http://ftp.us.dell.com/printer/r132075.exe"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=115652437223454\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11736/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11721/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11734/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11737/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11735/"
},
{
"trust": 0.1,
"url": "http://secunia.com/quality_assurance_analyst/"
},
{
"trust": 0.1,
"url": "http://secunia.com/web_application_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11733/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22463/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12311/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12314/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12310/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12313/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12315/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12312/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2113"
},
{
"trust": 0.1,
"url": "https://www.itso.iu.edu/sean_krulewitch"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2113"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18220"
},
{
"db": "BID",
"id": "19711"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001007"
},
{
"db": "PACKETSTORM",
"id": "49519"
},
{
"db": "PACKETSTORM",
"id": "50964"
},
{
"db": "PACKETSTORM",
"id": "49473"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-407"
},
{
"db": "NVD",
"id": "CVE-2006-2112"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-18220"
},
{
"db": "BID",
"id": "19711"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001007"
},
{
"db": "PACKETSTORM",
"id": "49519"
},
{
"db": "PACKETSTORM",
"id": "50964"
},
{
"db": "PACKETSTORM",
"id": "49473"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-407"
},
{
"db": "NVD",
"id": "CVE-2006-2112"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-08-25T00:00:00",
"db": "VULHUB",
"id": "VHN-18220"
},
{
"date": "2006-08-25T00:00:00",
"db": "BID",
"id": "19711"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001007"
},
{
"date": "2006-08-29T03:00:37",
"db": "PACKETSTORM",
"id": "49519"
},
{
"date": "2006-10-16T15:32:01",
"db": "PACKETSTORM",
"id": "50964"
},
{
"date": "2006-08-28T05:06:00",
"db": "PACKETSTORM",
"id": "49473"
},
{
"date": "2006-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200608-407"
},
{
"date": "2006-08-25T01:04:00",
"db": "NVD",
"id": "CVE-2006-2112"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-18220"
},
{
"date": "2006-10-13T21:49:00",
"db": "BID",
"id": "19711"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001007"
},
{
"date": "2006-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200608-407"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-2112"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-407"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FXPS In the print engine FTP Vulnerability using print interface as proxy",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001007"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-407"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.