Lexmark International Inc. Information for VU#107186

Multiple vulnerabilities in SNMPv1 trap handling

Status

Not Affected

Vendor Statement

      Lexmark International has tested the current MarkNet network adapters
      and current Lexmark Utilities (MarkVision Professional) according to
      recommendations issued by CERT.   Lexmark Utilities are not
      vulnerable.  Below is a list of tested MarkNet devices and
      information on obtaining updated network firmware when necessary:

      Printer/Network Adapter type            Fix Revision (if applicable)

      Lexmark E322n Laser Printer            4.20.14 or greater
      Lexmark T520n Laser Printer            Not vulnerable
      Lexmark T522n Laser Printer            Not vulnerable
      Lexmark T620n Laser Printer            Not vulnerable
      Lexmark T622n Laser Printer            Not vulnerable
      Lexmark Optra W810n Laser Printer        3.20.14 or greater
      Lexmark W820n Laser Printer            Not vulnerable
      Lexmark Optra C710nSBE Laser Printer        3.20.14 or greater
      Lexmark Optra C710n Laser Printer        3.20.14 or greater
      Lexmark C720n Color Laser Printer        3.20.14 or greater
      Lexmark C720dn Color Laser Printer        3.20.14 or greater
      Lexmark C750n Color Printer            Not vulnerable
      Lexmark C750dn Color Printer            Not vulnerable
      Lexmark C910n Color Printer            Not vulnerable
      Lexmark C910dn Color Printer            Not vulnerable
      Lexmark Optra Color 45n            3.20.14 or greater
      Lexmark Optra T610n Laser Printer        3.20.14 or greater

      MarkNet N2001e                 3.20.14 or greater
      MarkNet N2000t                   3.20.14 or greater
      MarkNet N2002e                 3.20.14 or greater
      MarkNet N2003fx-MTRJ             3.20.14 or greater
      MarkNet N2003fx-SC                  3.20.14 or greater

      MarkNet N2401e                 5.20.14 or greater
      MarkNet N2501e                 5.20.14 or greater

      MarkNet X2011e                 4.20.14 or greater
      MarkNet X2012e                 4.20.14 or greater
      MarkNet X2030t                 4.20.14 or greater
      MarkNet X2031e                 4.20.14 or greater
      MarkNet XI                    4.20.14 or greater
      MarkNet XP                    4.20.14 or greater

      MarkNet Pro network family            2.10.193 or greater
      MarkNet S network family            1.10.193 or greater

      Lexmark X820e MFP                Not vulnerable
      Lexmark X7500 MFP                   Not vulnerable

      None of the Lexmark network adapters are vulnerable once the
      community name is changed.  If unable to update to one of the above
      firmware levels, Lexmark recommends changing the community name.

      Firmware updates are available at:
      http://support.lexmark.com/en/cert_ca-2002-03.html

      For questions related to these or other Lexmark devices please
      contact 1-800-LEXMARK.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.