MarkVision is a printer administration package from Lexmark. In addition to software to remotely administer printers, it also provides printer drivers for a wide variety of printers for various flavors of Unix.
Several of the utilities that make up the Unix printer drivers contain command line buffer overflows. As some of these utilities are installed setuid root, a local attacker can trivially exploit the vulnerabilities to execute arbitrary code as root.
Credit:
The information has been provided by Secure Reality Advisories.
Vulnerable systems:
Lexmark MarkVision versions below 4.4
(Specifically the MarkVision driver package for Unix. Other Lexmark drivers, e.g. Windows drivers, are not part of MarkVision)
The following utilities have been found to contain security vulnerabilities that allow local users to gain root privileges by overflowing internal variables:
- /usr/local/lexmark/markvision/bin/cat_network - Heap overflow
- /usr/local/lexmark/markvision/bin/cat_parallel - Stack overflow
- /usr/local/lexmark/markvision/bin/cat_serial - Stack overflow
Fix:
Please upgrade to the latest version of the MarkVision drivers (4.4) at
ftp://ftp.lexmark.com/pub/driver/unix/MarkVision/V4.4
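To check whether a host still carries the exposure described above, the following added example (not part of the original advisory or of Lexmark's software) reports, for each of the three listed utilities, whether it exists and whether it carries the setuid bit. The function names, the MV_BIN override and the status words are assumptions made for this example; the default path and file names are the ones listed in the advisory.

```shell
#!/bin/sh
# Added example: audit the three utilities named in the advisory.
# MV_BIN defaults to the advisory's install path; set it (or pass a
# directory as the first argument) to scan a different prefix.
MV_BIN="${MV_BIN:-/usr/local/lexmark/markvision/bin}"
MV_UTILS="cat_network cat_parallel cat_serial"

# Print one line per utility: "<name> <status>", where status is one of
#   missing | setuid-root | setuid-other | no-setuid
audit_markvision() {
    dir="${1:-$MV_BIN}"
    for name in $MV_UTILS; do
        path="$dir/$name"
        if [ ! -e "$path" ]; then
            echo "$name missing"
        elif [ -u "$path" ]; then
            # -u tests the setuid bit; ls -n prints the numeric owner
            # uid in the third field.
            owner=$(ls -ldn "$path" | awk '{print $3}')
            if [ "$owner" = "0" ]; then
                echo "$name setuid-root"
            else
                echo "$name setuid-other"
            fi
        else
            echo "$name no-setuid"
        fi
    done
}

# Exit status 0 when at least one listed utility is setuid root,
# i.e. the host matches the condition the advisory describes.
markvision_exposed() {
    audit_markvision "${1:-}" | grep -q ' setuid-root$'
}

# Stand-alone use: print the report for the given or default directory.
audit_markvision "${1:-}"
```

A "setuid-root" line means the utility is still installed with the privileges the advisory describes; the documented fix is the upgrade to version 4.4.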