Xerox CopyCentre and WorkCentre Pro Web server memory corruption denial of service

xerox-web-corruption-dos (25175) The risk level is classified as Medium Risk

Description:

Multiple Xerox CopyCentre and WorkCentre Pro multi-function printers are vulnerable to a denial of service attack, caused by a memory corruption error in the Web server. A remote attacker could exploit this vulnerability to cause the affected system to crash.


Consequences:

Denial of Service

Remedy:

Upgrade to the latest system software version (1.001.02.074 or 1.001.02.716 or later), as listed in Xerox Security Bulletin XRX06-002. See References.

References:

  • XEROX SECURITY BULLETIN XRX06-002: System software versions available to address denial of service and other vulnerabilities in ESS.
  • BID-17014: Xerox WorkCentre / CopyCentre Multiple Vulnerabilities
  • CVE-2006-1138: Unspecified vulnerability in the web server code in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows remote attackers to cause a denial of service (memory corruption) via unknown vectors.
  • SA19146: Xerox CopyCentre / WorkCentre Pro Multiple Denial of Service Vulnerabilities
  • SECTRACK ID: 1015738: Xerox WorkCentre Pro Multiple PostScript Processing Errors Let Remote Users Deny Service
  • VUPEN/ADV-2006-0857: Xerox WorkCentre and CopyCentre Multiple Denial of Service Vulnerabilities

Platforms Affected:

  • Xerox CopyCentre C65 1.001.02.0715
  • Xerox CopyCentre C65 1.001.02.073
  • Xerox CopyCentre C75 1.001.02.0715
  • Xerox CopyCentre C75 1.001.02.073
  • Xerox CopyCentre C90 1.001.02.0715
  • Xerox CopyCentre C90 1.001.02.073
  • Xerox WorkCentre Pro 65 1.001.02.0715
  • Xerox WorkCentre Pro 65 1.001.02.073
  • Xerox WorkCentre Pro 75 1.001.02.0715
  • Xerox WorkCentre Pro 75 1.001.02.073
  • Xerox WorkCentre Pro 90 1.001.02.0715
  • Xerox WorkCentre Pro 90 1.001.02.073

Reported:

Mar 06, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
