===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2013.0116
                     Xerox Security Bulletin XRX13-008
                              24 October 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              ColorQube 92xx CBC
                      ColorQube 92xx SBC
                      WorkCentre 6400
                      WorkCentre 75xx
                      WorkCentre 77xx
Operating System:     Network Appliance
Impact/Access:        Unauthorised Access -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
Member content until: Saturday, November 23 2013

OVERVIEW

        Xerox has identified a vulnerability in multiple of its ColorQube
        and WorkCentre Products. [1]


IMPACT

        Xerox has given the following details about this vulnerability:

        "The Xerox products listed below contain code for implementing a
        remote protocol that could be exploited to gain unauthorized access
        to the device.

        The software release indicated below will perform the following
        action:

        - Remove the affected code that unintentionally created the
          unauthorized access potential.

        A software release for the products listed below has been provided.
        This release is designed to be installed by the customer. The
        software release is contained in a zip file and can be accessed via
        the links below or via the links following this bulletin
        announcement on www.xerox.com/security:

        ColorQube 92xx CBC:
        http://www.xerox.com/downloads/usa/en/c/cert_061.050.223.04800.zip

        ColorQube 92xx SBC:
        http://www.xerox.com/downloads/usa/en/c/cert_061.080.223.05100.zip

        WorkCentre 6400:
        http://www.xerox.com/downloads/usa/en/c/cert_061.070.100.24201.zip

        WorkCentre 75xx:
        http://www.xerox.com/downloads/usa/en/c/cert_061.121.222.06508.zip

        WorkCentre 77xx:
        http://www.xerox.com/downloads/usa/en/c/cert_061.090.223.21400.zip

        These firmware solutions are classified as a Moderate update." [1]


MITIGATION

        Xerox recommends patching its affected products to the latest
        version in order to fix this vulnerability. [1]


REFERENCES

        [1] Xerox Security Bulletin XRX13-008
            http://www.xerox.com/download/security/security-bulletin/148ae-4e940cfff7450/cert_XRX13-008_v1.0.pdf

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================