VID 29113
Severity 30
Port 80, ...
Protocol TCP
Class Printer
Detailed Description The Xerox printer device, according to its version number, has a remote directory traversal vulnerability. Xerox Document Centre and WorkCentre are color printers used for copying, printing, scanning, email, fax, and Internet fax. Multiple versions of Xerox Document Centre and WorkCentre could allow a remote attacker to traverse directories on the device because the PostScript file interpretation code in the ESS/Network Controller improperly validates user input. By sending a specially crafted PostScript file containing directory traversal characters, a remote attacker could exploit this vulnerability to gain unauthorized access to arbitrary files (e.g. the encrypted password file).

* Note: This check relies solely on the model number and software version number of the remote Xerox Document Centre or WorkCentre device, extracted from its embedded Web server, to assess this vulnerability, so the result might be a false positive.

* References:
http://secunia.com/advisories/13971/

* Platforms Affected:
Multiple versions of Xerox Document Centre and WorkCentre
Recommendation Apply the appropriate patches, as listed in the following Xerox security bulletins:
http://www.xerox.com/downloads/usa/en/c/CERT_Xerox_Security_XRX05_001.pdf
http://www.xerox.com/downloads/usa/en/c/CERT_Xerox_Security_XRX04-10.pdf
http://www.xerox.com/downloads/usa/en/c/CERT_Xerox_Security_XRX04-05.pdf
http://www.xerox.com/downloads/usa/en/c/CERT_Xerox_Security_XRX04-03.pdf
Related URL (CVE)
Related URL 12335 (SecurityFocus)
Related URL 19028 (ISS)