In association with heise online

02 December 2006, 10:10

Updates for security vulnerabilities in Xerox printers

Xerox has fixed a number of security vulnerabilities with the release of a software update for printers in the WorkCentre and WorkCentre Pro series. An attacker could exploit the vulnerabilities to execute arbitrary commands on the printers.

The updates fix a number of bugs on the affected printers. Vulnerabilities in the processing of entered TCP/IP host names, in the configuration parameters for Microsoft networking in the web user interface, and in the scan to mailbox folder name field can be used to inject programs, for example to install an FTP service. Scan to mailbox can also be exploited by anonymous users to download protected files from the printer.

Browser permissions could allow access without the required privileges. If automatic configuration over TFTP and BOOTP is active, an attacker may be able to change settings without the required privileges. Queries to the web service can run directly over HTTP instead of a secure HTTPS connection.

Xerox WorkCentre and WorkCentre Pro printers with model numbers 232, 238, 245, 255, 265 and 275 are affected. Software versions 12.060.17.000, 14.060.17.000 and 13.060.17.000 fix the problems. Xerox recommends that administrators install the new versions urgently.

(trk)

Permalink: http://h-online.com/-731910
 

