---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Lexmark Printers HTTP "Authorization" Header Denial of Service SECUNIA ADVISORY ID: SA39642 VERIFY ADVISORY: http://secunia.com/advisories/39642/ DESCRIPTION: A vulnerability has been reported in various Lexmark printers, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing certain HTTP "Authentication" headers. This can be exploited to e.g. crash a vulnerable device by sending HTTP requests containing certain invalid characters in the "Authentication" header to the device's TCP services making use of HTTP (e.g. ports 80, 443, 8000, and 631). Please see the vendor advisory for a list of affected products and versions. SOLUTION: Please see the vendor advisory for details on how to obtain an updated firmware or to apply a workaround. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://support.lexmark.com/index?page=content&id=TE87&locale=EN&userlocale=EN_US ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------