Advisory Details

February 13th, 2015

Lexmark Markvision Enterprise LibraryFileUploadServlet Remote Code Execution Vulnerability

ZDI-15-046
ZDI-CAN-2648

CVE ID CVE-2014-9375
CVSS SCORE 9.0, (AV:N/AC:L/Au:S/C:C/I:C/A:C)
AFFECTED VENDORS Lexmark
AFFECTED PRODUCTS MarkVision Enterprise
TIPPINGPOINT™ IPS CUSTOMER PROTECTION TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 17175. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lexmark MarkVision Enterprise. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the LibraryFileUploadServlet servlet. By supplying a crafted ZIP archive which includes directory traversal in the archive filenames, an attacker is able to upload files to any location on the system. An attacker could leverage this to execute arbitrary code as SYSTEM.

VENDOR RESPONSE Lexmark has issued an update to correct this vulnerability. More details can be found at:
http://support.lexmark.com/index?page=content&id=TE677&locale=EN&userlocale=EN_US
DISCLOSURE TIMELINE
  • 2014-12-04 - Vulnerability reported to vendor
  • 2015-02-13 - Coordinated public release of advisory
CREDIT Andrea Micalizzi (rgod)
BACK TO ADVISORIES