Full Report
In a previous post, the author broke the firmware encryption that was using Wireless Trusted Module (WSM) on a printer. This time, they target WSM itself. They didn't have a root shell on the device from their friends previous backdoor. So, they looked around and used an N-day reported by Synacktiv. The lbtraceapp binary has setuid permissions and functions similar to ftrace. By passing it a program, such as /bin/bash, you get root for free. Unfortunately, root doesn't mean all access with capabilities. The lbtraceapp ran as root but didn't have the CAP_SYS_MODULE capability. When looking around at various processes, they found that some shellscript executes sleep which DOES have the capability we need. Since we are root, we can write to the location in /proc/pid/mem with some shellcode to hijack the process. With this, it was time to poke around at the WTM module for real. They didn't feel like cross compiling though. So, they wrote a small daemon that forwards TCP traffic from their machine via the wtm Python client to the device. At first glance, the commands look almost identical to the Trusted Platform Module (TPM) specification with context loading and such. WTM encryption stores customer key information in an encrypted blob on the file system that is then loaded to the chip. In theory, the chip should have a super duper secret key to make it impossible to decrypt offline. What they learned is that some data is preserved between execution of stores and loads of the context. This is super helpful! The file system encryption key is actually wrapped by a different key other than the super duper master key. Since this key is still leftover on the chip, we're able to leak the wrapped key. Why is this helpful? This gives us the ability for offline root filesystem decryption. Can we get code execution in the kernel firmware itself? It turns out that the chip does NOT have its own decided DRAM! By simply writing to /dev/mem, we can overwrite the processor code itself! To do this, they overwrote a virtual unused command to give them an arbitrary read/write primitive that could be accessed via their Python client. They dumped OTP fuses that shouldn't be dumpable. The next step would be dumping the super duper secret AES key! Overall, an awesome series of blog posts on the kernel. To me, it was eye-opening to see how important the permissions of files, memory and other things were for security. If these basic things are messed up then you're in a world of hurt.
Analysis Summary
# Vulnerability: Lexmark WTM Wireless Trusted Module Multiple Flaws
## CVE Details
- **CVE ID**: CVE-2023-26067 (Likely, associated with the primary Synacktiv/ZDI-23-670 report referenced)
- **CVSS Score**: 7.8 (High)
- **CWE**: CWE-269 (Improper Privilege Management), CWE-284 (Improper Access Control)
## Affected Systems
- **Products**: Lexmark Printers (specifically those utilizing Marvell SoCs with WTM)
- **Versions**: Firmware versions prior to the 2023/2024 security updates (Specific version dependent on model).
- **Configurations**: Devices with the `lbtraceapp` binary present with setuid permissions.
## Vulnerability Description
The research identifies a chain of vulnerabilities:
1. **Local Privilege Escalation (LPE)**: The `lbtraceapp` binary, intended for `ftrace` event tracing, has the setuid bit set and allows arbitrary command execution/configuration via the `--apply-config` flag.
2. **Capability Bypass**: While root users are restricted by `CAP_SYS_MODULE` (preventing kernel module loading), a secondary flaw allows a root user to write directly to `/proc/[pid]/mem` of a process that *does* possess the necessary capabilities (e.g., a `sleep` process spawned by a privileged shell script), leading to process hijacking and full kernel access.
3. **Hardware Insecure State**: The Wireless Trusted Module (WTM) firmware lacks memory isolation. Because the chip does not have dedicated DRAM and shares system memory, a user with kernel access can write to `/dev/mem` to overwrite WTM processor code, effectively bypassing all hardware-rooted security boundaries.
## Exploitation
- **Status**: PoC available (detailed in research blog and GitHub).
- **Complexity**: Medium (Requires initial low-privileged access).
- **Attack Vector**: Local (Requires shell access to the printer).
## Impact
- **Confidentiality**: High (Full decryption of the root filesystem, dumping of OTP/eFUSE data, and potential leakage of AES master keys).
- **Integrity**: High (Ability to overwrite kernel modules and security processor firmware).
- **Availability**: High (Full control over the device firmware and hardware state).
## Remediation
### Patches
- Users should update Lexmark printer firmware to the latest available version provided by the vendor. Lexmark frequently releases "Firmware Update" bulletins addressing ZDI and Synacktiv reports.
### Workarounds
- **Disable Network Services**: Reduce the attack surface by disabling unnecessary services (FTP, Telnet, etc.) that could provide the initial shell access needed for this exploit chain.
- **Physical Security**: Prevent unauthorized physical access to the device control panel or debug ports.
## Detection
- **Indicators of Compromise**:
- Presence of unexpected files in `/tmp/` (e.g., `sc.bin`, `f`, `s2`).
- Unrecognized kernel modules loaded (visible via `lsmod`).
- Modified `lbtraceapp` configuration or usage history in system logs.
- **Detection Methods**: Security auditing of setuid binaries and monitoring for unauthorized writes to `/proc/pid/mem`.
## References
- Lexmark Security Advisories: [https://www.lexmark.com/en_us/solutions/security/security-advisories.html](https://www.lexmark.com/en_us/solutions/security/security-advisories.html)
- ZDI Advisory: [https://www.zerodayinitiative.com/advisories/ZDI-23-670/](https://www.zerodayinitiative.com/advisories/ZDI-23-670/)
- Research Code: [https://github.com/blasty/lexmark](https://github.com/blasty/lexmark)
- Original Post: [https://haxx.in/posts/wtm-pwn/](https://haxx.in/posts/wtm-pwn/)