V1.0
Xerox® Phaser® 7800
Phaser 7800
Security Bulletins for Xerox Products (11)
Xerox Security Bulletin XRX18-001 (PDF 168.3K)
Products Affected by SHA-1 Certificate Expiration Available Options for Continuing Remote Services
Xerox Security Mini Bulletin XRX17AA V1.0 (PDF 204.7K)
Xerox® Phaser® 7800 R17-09 SPAR Release 081.150.107.24100
Xerox Security Mini Bulletin XRX17G_V1.0 (PDF 185.9K)
SPAR Release R17-04 081.150.107.11800
Xerox Security Mini Bulletin XRX16AE_V1.0 (PDF 185.5K)
Phaser 7800 SPAR Release 081.150.106.28600
Xerox Security Mini Bulletin XRX16AB_V1.0 (PDF 185.5K)
Contains fix for many vulnerabilities on Phaser 7800.
Xerox Security Mini Bulletin XRX15S_V1.0 (PDF 66.7K)
Xerox Security Mini Bulletin XRX15H V1.0 (PDF 187.7K)
Xerox Security Bulletin XRX14-008 V1.0 (PDF 1M)
Xerox Security Bulletin XRX14-008 Bash Shellshock Command Line Interpreter Vulnerability v1.0 11/10/2014
Background A vulnerability has been discovered in the Bash command shell that can allow attackers to remotely execute commands on a target system. Even systems that don’t allow remote command shell connections may still use Bash to execute commands in the Apache web server and other network-facing applications. Unix and Unix-derived systems like Linux and Mac OS X are vulnerable to these attacks since they use Bash as the default command shell.
A Bash Shellshock document addressing this vulnerability has been posted to the Xerox Security Site.
NOTE: Review the bulletin for a more complete list of devices.
Xerox Security Bulletin XRX12-012 v1.0 (PDF 71.6K)
The Xerox Phaser 7800 product was shipped with software upgrades enabled by default and with network protocols enabled that could be exploited to gain unauthorized access to the system.
NOTE: If Software Upgrade is currently disabled on the desired device. it must be enabled prior to installation of this software patch. The software release indicated below will perform the following action: • Change the default state of software upgrade to disabled. After installing this firmware/software, software upgrade will be disabled. It can be re-enabled at the Web UI when necessary. • Remove protocols that were not intended to be present in the production configuration.
Details about this bulletin and other Xerox Product Security features can be found at the Xerox Security Site.
The the link to this software needed to upgrade your Phaser 7800 can be found inside the bulletin document or can be downloaded from this link: http://www.support.xerox.com/go/getfile.asp?objid=122181&EULA=28&Xtype=download&uType=
Xerox Security Bulletin XRX12-003 v1.1 (PDF 185.5K)
NOTE: We are re-issuing this bulletin due to a spelling error of the name of one of the researchers. No technical content in the bulletin has changed.
Vulnerabilities exist that, if exploited, could allow remote attackers to insert arbitrary code into the device. This could occur with a specifically crafted Postscript or firmware job submitted to the device. If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed.
As part of Xerox’s on-going efforts to protect customers, the ability to accept these specially crafted jobs can be disabled for the affected products listed in the bulletin. Links for the software needed are contained inside the bulletin.
Statements of Volatility for Xerox Products (1)
Phaser 7800 Statement Of Volatility v1.2 (PDF 225.7K)
This post has been updated to correct a model error and clarification on methods to clear NVM.
