ID

VAR-201002-0311

TITLE

Xerox WorkCentre PJL Daemon Remote Overflow Vulnerability

DESCRIPTION

Xerox WorkCentre is a digital print and copy machine. A buffer overflow vulnerability exists in Xerox WorkCentre's PJL daemon implementation. A remote attacker can cause a crash by sending a malicious request message to the service. The device must be hard restarted before it can resume operation. Xerox WorkCentre is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with the privileges of the application or crash the affected application. Xerox WorkCentre 4150 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: Xerox WorkCentre 4150 PJL Daemon Denial of Service SECUNIA ADVISORY ID: SA38411 VERIFY ADVISORY: http://secunia.com/advisories/38411/ DESCRIPTION: A vulnerability has been reported in Xerox WorkCentre 4150, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the PJL daemon and can be exploited to cause a crash via a specially crafted packet sent to TCP port 9100. SOLUTION: A patch is reportedly available. Please contact the vendor for more information. PROVIDED AND/OR DISCOVERED BY: Francis Provencher, Protek Research Lab's ORIGINAL ADVISORY: http://www.protekresearchlab.com/2010/01/prl-xerox-workcenter-4150-remote-buffer.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

IOT TAXONOMY

AFFECTED PRODUCTS

THREAT TYPE

network

TYPE

Boundary Condition Error

EXTERNAL IDS

REFERENCES

CREDITS

Francis Provencher

SOURCES

LAST UPDATE DATE

2022-05-17T01:38:39.560000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE