Xerox CopyCentre and WorkCentre Pro Web server memory corruption denial of service

xerox-web-corruption-dos (25175). The risk level is classified as Low Risk.

Description:

Multiple Xerox CopyCentre and WorkCentre Pro multi-function printers are vulnerable to a denial of service attack, caused by a memory corruption error in the Web server. A remote attacker could exploit this vulnerability to cause the affected system to crash.

Platforms Affected:

  • Xerox, CopyCentre C65 1.001.02.0715
  • Xerox, CopyCentre C65 1.001.02.073
  • Xerox, CopyCentre C75 1.001.02.0715
  • Xerox, CopyCentre C75 1.001.02.073
  • Xerox, CopyCentre C90 1.001.02.0715
  • Xerox, CopyCentre C90 1.001.02.073
  • Xerox, WorkCentre Pro 65 1.001.02.0715
  • Xerox, WorkCentre Pro 65 1.001.02.073
  • Xerox, WorkCentre Pro 75 1.001.02.0715
  • Xerox, WorkCentre Pro 75 1.001.02.073
  • Xerox, WorkCentre Pro 90 1.001.02.0715
  • Xerox, WorkCentre Pro 90 1.001.02.073

Remedy:

Upgrade to the latest system software version (1.001.02.074 or 1.001.02.716 or later), as listed in Xerox Security Bulletin XRX06-002. See References.

Consequences:

Denial of Service

References:

  • XEROX SECURITY BULLETIN XRX06-002, System software versions available to address denial of service and other vulnerabilities in ESS at http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf.
  • BID-17014: Xerox WorkCentre / CopyCentre Multiple Vulnerabilities
  • CVE-2006-1138: Unspecified vulnerability in the web server code in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows remote attackers to cause a denial of service (memory corruption) via unknown vectors.
  • SA19146: Xerox CopyCentre / WorkCentre Pro Multiple Denial of Service Vulnerabilities
  • SECTRACK ID: 1015738: Xerox WorkCentre Pro Multiple PostScript Processing Errors Let Remote Users Deny Service
  • VUPEN/ADV-2006-0857: Xerox WorkCentre and CopyCentre Multiple Denial of Service Vulnerabilities

Reported:

Mar 06, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
