-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0092
Lexmark has released updates for many of its products that include OpenSSL
                               1 August 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Lexmark printer products
                      Perceptive Content: ImageNow
                      Perceptive Search
                      Perceptive Process
                      Lexmark Document Distributor
                      Lexmark Print Management, On-Premise
                      Lexmark Fleet Manager
                      Cloud Configuration Services
Operating System:     Printer
                      Windows
Impact/Access:        Access Privileged Data         -- Remote/Unauthenticated
                      Provide Misleading Information -- Remote/Unauthenticated
                      Denial of Service              -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-3470 CVE-2014-0224 CVE-2014-0221
                      CVE-2014-0198 CVE-2014-0195 CVE-2014-0076
                      CVE-2010-5298  
Member content until: Sunday, August 31 2014

OVERVIEW

        Lexmark has released updates for many of its products that include 
        OpenSSL [1].


IMPACT

        The vendor has provided the following information regarding this 
        vulnerability:
        
        "CVE-2014-0224 SSL/TLS MITM vulnerability
        
        A remote attacker with the ability to intercept and inject traffic 
        between a vulnerable client and server could successfully force the
        SSL/TLS protocols to use a known session key, thus rendering the 
        content of those communications vulnerable to interception and 
        modification.
        
        CVSS Base Score: 6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) 
        Impact Subscore: 6.4 
        Exploitability Subscore: 8.6
        
        CVE-2014-0221 DTLS recursion flaw
        
        Sending an invalid DTLS handshake can cause a crash leading to a 
        denial of service attack.
        
        NOTE: No Lexmark products support the DTLS protocol; therefore no 
        Lexmark products are vulnerable to this issue.
        
        CVE-2014-0195 DLTS invalid fragment vulnerability
        
        A buffer overrun can be triggered by sending an invalid DTLS 
        fragment.
        
        NOTE: No Lexmark products support the DTLS protocol; therefore no 
        Lexmark products are vulnerable to this issue.
        
        CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
        
        A remote attacker could send a specially crafted packet that would 
        trigger a crash leading to a denial of service attack.
        
        CVSS Base Score: 4.3 (AV:N/AC:M/AU:N/C:N/I:N/A:P) 
        Impact Subscore: 2.9 
        Exploitability Subscore: 8.6
        
        CVE-2010-5298 SSL_MODE_RELEASE_BUFFERS session injection of denial 
        of service
        
        A remote attacker could send a specially crafted packet that would 
        trigger a crash leading to a denial of service attack.
        
        CVSS Base Score: 4.0 (AV:N/AC:H/AU:N/C:N/I:P/A:P) 
        Impact Subscore: 4.9 
        Exploitability Subscore: 4.9
        
        CVE-2014-3470 ECDH denial of service
        
        A remote attacker could trigger a crash leading to a denial of 
        service attack.
        
        CVSS Base Score: 4.3 (AV:N/AC:M/AU:N/C:N/I:N/A:P)
        Impact Subscore: 2.9 
        Exploitability Subscore: 8.6
        
        CVE-2014-0076 ECDSA NONCE side channel attack
        
        ECDSA nonce is vulnerable to a timing based side channel attack.
        
        CVSS Base Score: 4.3 (AV:N/AC:M/AU:N/C:PI:N/A:N)
        Impact Subscore: 2.9 
        Exploitability Subscore: 8.6
        
        CVSS scores are calculated in accordance with CVSS version 2.0 
        (http://www.first.org/cvss/cvss-guide.html)." [1]


MITIGATION

        Updated firmware or software patches have been created to address 
        these vulnerabilities. Lexmark has advised that customers contact 
        them to receive the updates. Specific details can be found within 
        the original advisory. [1]


REFERENCES

        [1] Multiple OpenSSL Vulnerabilities
            http://support.lexmark.com/index?page=content&id=TE626&locale=en&userlocale=EN_US

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBU9rwoBLndAQH1ShLAQLCvA/5AXiIKm4kUNolWDRkPY/tKpMRNTN34uao
n5uWRkMFouYh6H18wE7ENG5DCZJ34PCVIbh5h9IzPN8BMF8tCVcWGz4zkFfLXxVR
Q9DXUAg1e++HPh6xmRvSMJlNVEsva+sjH6+mPJiWoUBLjhInh5ua3BSdBx19O2jm
RMKQ4oN8+Y63ZJ4sR7QTpjP8dIgO2yawLd2PumTE1pZI/CHKmMiyUeSp2/gEO2Si
hvwMTtqoILi8MJI88hQSbgm0rSy6AOCmQmwaQnG2UT07fyVgSWEqAeXuPGbYeR2W
6v8msR/hNZ5VvwYEJCG5V0YodiWDEsq67YO6aILBIEnqDqcYSfNW7+lRjoDphmdO
NhpimGYqD6A/iPq7aheUdudrtnDMtxstKhYec+dMEBlJaKL1OgZa/yb4gqbYvnHN
2qKSXVeXQU+rqCDFz1hh7NywTt3uHwOBd4tJTWXJf0vE/dRYj07lPEhaWT80dzmG
YXqKqPJC9nZKCoA3h2yRgW/9+nFNyq4YhbwYqMY395EyDj6oJ1XnpwNuk+btNaR8
VJoI8mSeuQ9gRUUSXd8gbeFIfTAiHqSsqSdK5mqA1rArEuEBD+dtJxabEN87+Rtz
xUzadO08SVOpcX64k53tFdVVJxZ4v9Q3e7V+X7ke0HRNIvgIVwAJe/oz6G09ADC3
XYXhLTfeoyM=
=uVKk
-----END PGP SIGNATURE-----