===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2013.0116
                     Xerox Security Bulletin XRX13-008
                              24 October 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              ColorQube 92xx CBC
                      ColorQube 92xx SBC
                      WorkCentre 6400
                      WorkCentre 75xx
                      WorkCentre 77xx
Operating System:     Network Appliance
Impact/Access:        Unauthorised Access -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
Member content until: Saturday, November 23 2013

OVERVIEW

        Xerox has identified a vulnerability in several of its ColorQube and
        WorkCentre products. [1]


IMPACT

        Xerox has given the following details about this vulnerability:
        
        "The Xerox products listed below contain code for implementing a remote
        protocol that could be exploited to gain unauthorized access to the 
        device.
        
        The software release indicated below will perform the following action:
        - Remove the affected code that unintentionally created the 
          unauthorized access potential.
        
        A software release for the products listed below has been provided. 
        This release is designed to be installed by the customer. The software 
        release is contained in a zip file and can be accessed via the links 
        below or via the links following this bulletin announcement on
        www.xerox.com/security:
        
        ColorQube 92xx CBC: 
        http://www.xerox.com/downloads/usa/en/c/cert_061.050.223.04800.zip
        
        ColorQube 92xx SBC:
        http://www.xerox.com/downloads/usa/en/c/cert_061.080.223.05100.zip
        
        WorkCentre 6400:
        http://www.xerox.com/downloads/usa/en/c/cert_061.070.100.24201.zip
        
        WorkCentre 75xx:
        http://www.xerox.com/downloads/usa/en/c/cert_061.121.222.06508.zip
        
        WorkCentre 77xx:
        http://www.xerox.com/downloads/usa/en/c/cert_061.090.223.21400.zip
        
        These firmware solutions are classified as a Moderate update." [1]


MITIGATION

        Xerox recommends patching its affected products to the latest version 
        in order to fix this vulnerability. [1]


REFERENCES

        [1] Xerox Security Bulletin XRX13-008
            http://www.xerox.com/download/security/security-bulletin/148ae-4e940cfff7450/cert_XRX13-008_v1.0.pdf

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================