SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Printer)  >   Xerox WorkCentre Vendors:   Xerox
Xerox WorkCentre Pro Multiple PostScript Processing Errors Let Remote Users Deny Service
SecurityTracker Alert ID:  1015738
SecurityTracker URL:  http://securitytracker.com/id/1015738
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 8 2006
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.001.02.074
Description:   Several vulnerabilities were reported in Xerox WorkCentre Pro and Xerox CopyCentre. A remote user can cause denial of service conditions.

A remote user can send a specially crafted PostScript file to the target printer to trigger a buffer overflow in the PostScript file interpreter code and cause denial of service conditions on the target system.

A remote user can send a specially crafted PostScript file to traverse the directory and cause denial of service conditions on the target system.

A remote user can send a specially crafted PostScript file designed to expose TCP/IP ports to cause denial of service conditions on the target system.

A remote user can trigger a memory error in the web server code to cause denial of service conditions.

An unspecified vulnerability exists in the ESS/Network Controller. A user may be able to disconnect power to cause Immediate Image Overwrite to fail without indication.

The WorkCentre Pro 65, 75, and 90 models are affected. The CopyCentre C65, C75, and C90 models are affected.

Impact:   A remote user can cause denial of service conditions on the target system.
Solution:   The vendor has issued a fixed version (1.001.02.074).

This security bulletin supersedes Security Bulletin XRX04-008.

The vendor's advisory is available at:

http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf

Vendor URL:  www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf (Links to External Site)
Cause:   Boundary error, Exception handling error, Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC