XEROX WorkCentre Products Multiple Vulnerabilities

Secunia Advisory: SA23265
Release Date: 2006-12-06
Last Update: 2006-12-12
Critical: Moderately critical
Impact: Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS, System access
Where: From local network
Solution Status: Vendor Patch
OS: Xerox WorkCentre, Xerox WorkCentre Pro
CVE reference: CVE-2006-6427, CVE-2006-6428, CVE-2006-6429, CVE-2006-6430, CVE-2006-6431, CVE-2006-6432, CVE-2006-6433, CVE-2006-6434, CVE-2006-6435, CVE-2006-6436, CVE-2006-6437, CVE-2006-6438, CVE-2006-6439, CVE-2006-6440, CVE-2006-6441, CVE-2006-6467, CVE-2006-6468, CVE-2006-6469, CVE-2006-6470, CVE-2006-6471, CVE-2006-6472, CVE-2006-6473

Description:
Some vulnerabilities and weaknesses have been reported in various XEROX WorkCentre products, which can be exploited by malicious people to bypass certain security restrictions, expose certain sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

1) Input passed to the TCP/IP hostname field, the Scan-to-mailbox folder name field, and the Microsoft Network configuration parameters in the Web User Interface is not properly sanitised. This can be exploited to inject and execute arbitrary commands.

2) Certain browser settings may allow unauthorised access. Additionally, an unspecified vulnerability in the Web User Interface can be exploited to bypass authentication.

3) The TFTP/BOOTP auto-configuration can be exploited to manipulate certain configuration settings.

4) An unspecified error within the handling of email signatures can be exploited to display improper items.

5) Requests to web services can be made over HTTP instead of HTTPS. Other unspecified HTTP security issues and an httpd.conf misconfiguration are also reported.

6) An error within the Scan-to-mailbox feature can be exploited to anonymously download secure files. Additionally, it is possible to anonymously download audit log files.

7) The system fails to keep accurate time, resulting in incorrect time stamps in audit logs.

8) The embedded Samba version contains various vulnerabilities. Additionally, the SMB "Homes" share is visible and it is possible to browse the file system via SMB.

9) The SNMP agent does not return errors for non-writable objects. Additionally, authentication failure traps cannot be enabled or generated.

10) An error within ops3-dmn can be exploited to crash the service and cause a DoS by attaching a PS script.

11) It is possible to bypass the security restriction and boot Alchemy by e.g. using a USB thumb drive.

12) The "Validate Repository SSL Certificate" scan feature does not verify the FQDN.

13) Certain problems with Immediate Image Overwrite and On Demand Image Overwrite, a PostgreSQL port block, and an HTTP TRACE XSS attack in the network controller are reported.

14) Two boundary errors within the embedded DHCP implementation can be exploited to cause a buffer overflow, which may allow execution of arbitrary code.
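The hostname-field issue in item 1 comes down to configuration input reaching an OS command line unsanitised. As an added example (not Xerox's or Secunia's code, and assuming the firmware applies the submitted value by invoking a `hostname` command), this is the fix pattern a reviewer would expect: strict RFC 1123 validation of the field, then passing the value as a single argv element so no shell ever parses it.

```python
import re
import subprocess

# Constructed example, not device firmware. One RFC 1123 label: letters, digits
# and hyphens, 1-63 characters, no leading or trailing hyphen.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def is_valid_hostname(value: str) -> bool:
    """Allow-list check for a web-UI 'TCP/IP hostname' field (253 chars total)."""
    if not value or len(value) > 253:
        return False
    labels = value.rstrip(".").split(".")
    return all(_LABEL.match(label) for label in labels)


def vulnerable_command_line(value: str) -> str:
    """The pattern the advisory describes: the field is pasted into a shell
    command string, so any shell metacharacter in it changes what runs.
    Built here only for contrast; it is never executed."""
    return f"hostname {value}"


def hardened_argv(value: str) -> list:
    """Reject anything outside the allow-list up front and return an argv list;
    the value travels as one argument, never through a shell."""
    if not is_valid_hostname(value):
        raise ValueError(f"rejected hostname field: {value!r}")
    return ["hostname", value]


def set_hostname(value: str) -> int:
    """Apply the hostname via subprocess with shell=False (hypothetical step that
    the firmware would perform; needs privileges, so not called in the checks)."""
    return subprocess.run(hardened_argv(value), shell=False, check=False).returncode
```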
Solution: Apply updated software (see vendor advisories for detailed instructions).
Provided and/or discovered by: Reported by the vendor.
Changelog: 2006-12-11: Added CVE reference.
2006-12-12: Added CVE reference.
Original Advisory: Xerox:
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf