Xerox CopyCentre and WorkCentre Pro ESS/Network Controller image overwrite denial of service

xerox-image-overwrite-dos (25176) The risk level is classified as Low Risk

Description:

Multiple Xerox CopyCentre and WorkCentre Pro multi-function printers are vulnerable to a denial of service attack, caused by an unspecified vulnerability in the ESS/Network Controller. After an unexpected power failure, the Immediate Image Overwrite feature could fail.

Platforms Affected:

  • Xerox, CopyCentre C65 1.001.02.0715
  • Xerox, CopyCentre C65 1.001.02.073
  • Xerox, CopyCentre C75 1.001.02.0715
  • Xerox, CopyCentre C75 1.001.02.073
  • Xerox, CopyCentre C90 1.001.02.0715
  • Xerox, CopyCentre C90 1.001.02.073
  • Xerox, WorkCentre Pro 65 1.001.02.0715
  • Xerox, WorkCentre Pro 65 1.001.02.073
  • Xerox, WorkCentre Pro 75 1.001.02.0715
  • Xerox, WorkCentre Pro 75 1.001.02.073
  • Xerox, WorkCentre Pro 90 1.001.02.0715
  • Xerox, WorkCentre Pro 90 1.001.02.073

Remedy:

Upgrade to the latest system software version (1.001.02.074 or 1.001.02.716 or later), as listed in Xerox Security Bulletin XRX06-002. See References.

Consequences:

Denial of Service

References:

  • XEROX SECURITY BULLETIN XRX06-002, System software versions available to address denial of service and other vulnerabilities in ESS at http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf.
  • CVE-2006-1139: Unspecified vulnerability in the ESS/Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack.
  • SA19146: Xerox CopyCentre / WorkCentre Pro Multiple Denial of Service Vulnerabilities
  • SECTRACK ID: 1015738: Xerox WorkCentre Pro Multiple PostScript Processing Errors Let Remote Users Deny Service
  • VUPEN/ADV-2006-0857: Xerox WorkCentre and CopyCentre Multiple Denial of Service Vulnerabilities

Reported:

Mar 06, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
