---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: XEROX WorkCentre Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA23265 VERIFY ADVISORY: http://secunia.com/advisories/23265/ CRITICAL: Moderately critical IMPACT: Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS, System access WHERE: >From local network OPERATING SYSTEM: Xerox WorkCentre http://secunia.com/product/4746/ Xerox WorkCentre Pro http://secunia.com/product/4553/ DESCRIPTION: Some vulnerabilities and weaknesses have been reported in various XEROX WorkCentre products, which can be exploited by malicious people to bypass certain security restrictions, expose certain sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system. 1) Input passed to the TCP/IP hostname, the Scan-to-mailbox folder name field, and to the Microsoft Network configuration parameters in the Web User interface is not properly sanitised. This can be exploited to inject and execute arbitrary commands. 2) Certain browser settings may allow unauthorized access. Additionally, an unspecified vulnerability in the Web User Interface can be exploited to bypass the authentication. 3) The TFTP/BOOTP auto configuration can be exploited to manipulate certain configuration settings. 4) An unspecified error within the handling of email signatures can be exploited to display improper items. 5) Requests to web services can be made through HTTP instead of HTTPS. Other unspecified HTTP security issues and a httpd.conf misconfiguration are also reported. 6) An error within the Scan-to-mailbox feature can be exploited to anonymously download secure files. Additionally, it is possible to anonymously download audit log files. 7) The system fails to keep accurate time resulting in incorrect time stamps in audit logs. 8) The embedded Samba version contains various vulnerabilities. Additionally, the SMB "Homes" share is visible and it's possible to browse the file system via SMB. 9) The SNMP agent does not return errors for non-writable objects. Additionally, authentication failure traps can't be enabled or generated. 10) An error within ops3-dmn can be exploited to crash the service and cause a DoS by attaching a PS script. 11) It is possible to bypass the security restriction and boot Alchemy by e.g. using an USB thumb drive. 12) The "Validate Repository SSL Certificate" scan feature does not verify the FQDN. 13) Certain problems with the Immediate Image Overwrite and On Demand Image Overwrite, a Postgress port block, and a http TRACE XSS attack in the network controller are reported. 14) Two boundary errors within the embedded DHCP implementation can be exploited to cause a buffer overflow, which may allow execution of arbitrary code. SOLUTION: Apply updated software (see vendor advisories for detailed instructions). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Xerox: http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------