Products Affected by SHA-1 Certificate Expiration: Available Options for Continuing Remote Services
Security Bulletins for Xerox Products (9)
Xerox® Phaser® 6700 SPAR Release R17-08 081.140.107.25100
Xerox® Phaser® 6700
Contains fixes for many vulnerabilities on the Phaser 6700.
Xerox Security Bulletin XRX14-008 Bash Shellshock Command Line Interpreter Vulnerability v1.0 11/10/2014
Background: A vulnerability has been discovered in the Bash command shell that can allow attackers to remotely execute commands on a target system. Even systems that don’t allow remote command shell connections may still use Bash to execute commands in the Apache web server and other network-facing applications. Unix and Unix-derived systems like Linux and Mac OS X are vulnerable to these attacks since they use Bash as the default command shell.
A Bash Shellshock document addressing this vulnerability has been posted to the Xerox Security Site.
NOTE: Review the bulletin for a more complete list of devices.
NOTE: We are re-issuing this bulletin due to a spelling error in the name of one of the researchers. No technical content in the bulletin has changed.
Vulnerabilities exist that, if exploited, could allow remote attackers to insert arbitrary code into the device. This could occur with a specially crafted PostScript or firmware job submitted to the device. If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed.
As part of Xerox’s ongoing efforts to protect customers, the ability to accept these specially crafted jobs can be disabled for the affected products listed in the bulletin. Links to the required software are contained in the bulletin.
Statements of Volatility for Xerox Products (1)
Updates made regarding the Flash memory where the OS is installed and details of the optional hard drive.