Secunia

Some vulnerabilities and weaknesses have been reported in various XEROX WorkCentre products, which can be exploited by malicious people to bypass certain security restrictions, expose certain sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

1) Input passed to the TCP/IP hostname, the Scan-to-mailbox folder name field, and to the Microsoft Network configuration parameters in the Web User interface is not properly sanitised. This can be exploited to inject and execute arbitrary commands.

2) Certain browser settings may allow unauthorized access. Additionally, an unspecified vulnerability in the Web User Interface can be exploited to bypass the authentication.

3) The TFTP/BOOTP auto configuration can be exploited to manipulate certain configuration settings.

4) An unspecified error within the handling of email signatures can be exploited to display improper items.

5) Requests to web services can be made through HTTP instead of HTTPS. Other unspecified HTTP security issues and a httpd.conf misconfiguration are also reported.

6) An error within the Scan-to-mailbox feature can be exploited to anonymously download secure files. Additionally, it is possible to anonymously download audit log files.

7) The system fails to keep accurate time resulting in incorrect time stamps in audit logs.

8) The embedded Samba version contains various vulnerabilities. Additionally, the SMB "Homes" share is visible and it's possible to browse the file system via SMB.

9) The SNMP agent does not return errors for non-writable objects. Additionally, authentication failure traps can't be enabled or generated.

10) An error within ops3-dmn can be exploited to crash the service and cause a DoS by attaching a PS script.

11) It is possible to bypass the security restriction and boot Alchemy by e.g. using an USB thumb drive.

12) The "Validate Repository SSL Certificate" scan feature does not verify the FQDN.

13) Certain problems with the Immediate Image Overwrite and On Demand Image Overwrite, a Postgress port block, and a http TRACE XSS attack in the network controller are reported.

14) Two boundary errors within the embedded DHCP implementation can be exploited to cause a buffer overflow, which may allow execution of arbitrary code.

Solution
Apply updated software (see vendor advisories for detailed instructions).

Provided and/or discovered by
Reported by the vendor.

Changelog
Further details available in Customer Area

Original Advisory
Xerox:
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf

Deep Links
Links available in Customer Area