Xerox WorkCenter Pro ESS/ Network Controller Directory Traversal Vulnerability

Bugtraq ID:	12335
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 24 2005 12:00AM
Updated:	Jan 24 2005 12:00AM
Credit:	The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.
Vulnerable:	Xerox WorkCentre Pro 55 4.97.20.025 Xerox WorkCentre Pro 55 3.97.20.032 Xerox WorkCentre Pro 55 3.028.11.000 Xerox WorkCentre Pro 55 2.28.11.000 Xerox WorkCentre Pro 55 1.02.353.1 Xerox WorkCentre Pro 55 1.01.108.1 Xerox WorkCentre Pro 45 4.97.20.025 Xerox WorkCentre Pro 45 3.97.20.032 Xerox WorkCentre Pro 45 3.028.11.000 Xerox WorkCentre Pro 45 2.28.11.000 Xerox WorkCentre Pro 45 1.02.353.1 Xerox WorkCentre Pro 45 1.01.108.1 Xerox WorkCentre Pro 40 Color Xerox WorkCentre Pro 35 4.97.20.025 Xerox WorkCentre Pro 35 3.97.20.032 Xerox WorkCentre Pro 35 3.028.11.000 Xerox WorkCentre Pro 35 2.28.11.000 Xerox WorkCentre Pro 35 1.02.353.1 Xerox WorkCentre Pro 35 1.01.108.1 Xerox WorkCentre Pro 32 Color Xerox WorkCentre M55 4.97.20.025 Xerox WorkCentre M55 4.84.16.000 Xerox WorkCentre M55 2.97.20.032 Xerox WorkCentre M45 4.97.20.025 Xerox WorkCentre M45 4.84.16.000 Xerox WorkCentre M45 2.97.20.032 Xerox WorkCentre M35 4.97.20.025 Xerox WorkCentre M35 4.84.16.000 Xerox WorkCentre M35 2.97.20.032 Xerox WorkCentre 90 1.02.055.2 Xerox WorkCentre 90 1.02.028.3 Xerox WorkCentre 90 1.001.02.076.1 Xerox WorkCentre 90 1.001.00.060 Xerox WorkCentre 90 1.00.60.3 Xerox WorkCentre 75 1.02.055.2 Xerox WorkCentre 75 1.02.028.3 Xerox WorkCentre 75 1.001.02.076.1 Xerox WorkCentre 75 1.001.00.060 Xerox WorkCentre 75 1.00.60.3 Xerox WorkCentre 65 1.02.055.2 Xerox WorkCentre 65 1.02.028.3 Xerox WorkCentre 65 1.001.02.076.1 Xerox WorkCentre 65 1.001.00.060 Xerox WorkCentre 65 1.00.60.3 Xerox WorkCentre 40 Color 01.02.058.4 Xerox WorkCentre 40 Color 01.02.053.1 Xerox WorkCentre 40 Color 01.00.060 Xerox WorkCentre 32 Color 01.02.058.4 Xerox WorkCentre 32 Color 01.02.053.1 Xerox WorkCentre 32 Color 01.00.060 Xerox WorkCentre +PS M55 1.02.358.3 Xerox WorkCentre +PS M55 1.01.108.1 Xerox WorkCentre +PS M45 1.02.358.3 Xerox WorkCentre +PS M45 1.01.108.1 Xerox WorkCentre +PS M35 1.02.358.3 Xerox WorkCentre +PS M35 1.01.108.1 Xerox Document Centre 555 Xerox Document Centre 545 Xerox Document Centre 535 Xerox Document Centre 490 Xerox Document Centre 480 Xerox Document Centre 470 Xerox Document Centre 460 Xerox Document Centre 440 Xerox Document Centre 432 Xerox Document Centre 430 Xerox Document Centre 426 Xerox Document Centre 425 Xerox Document Centre 420 Xerox Document Centre 340 Xerox Document Centre 332 Xerox Document Centre 265 Xerox Document Centre 255 Xerox Document Centre 240 Xerox Document Centre 230 Xerox Document Centre 220
Not Vulnerable:

Xerox WorkCenter Pro ESS/ Network Controller Directory Traversal Vulnerability

A remote directory traversal vulnerability affects Xerox WorkCenter Pro. This issue is due to a failure of the application to properly sanitize user-supplied input.

An attacker may leverage this issue to gain access to sensitive files on the affected device, including the encrypted password file.

Xerox WorkCenter Pro ESS/ Network Controller Directory Traversal Vulnerability

No exploit is required to leverage this issue.

Xerox WorkCenter Pro ESS/ Network Controller Directory Traversal Vulnerability

Solution:
Xerox has released SECURITY BULLETIN XRX05-010, XRX04-003, XRX04-005, and XRX04-010 dealing with this issue. Patches have been released as well. Please see the referenced advisories for more information.


Xerox WorkCentre M45 4.84.16.000

• Xerox cert_XRX04_010_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04_010_patch.zip

Xerox WorkCentre +PS M35 1.01.108.1

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre 32 Color 01.02.058.4

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre Pro 32 Color

• Xerox cert_XRX05_001_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX05_001_patch.zip

Xerox Document Centre 470

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox WorkCentre M45 2.97.20.032

• Xerox cert_XRX04_010_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04_010_patch.zip

Xerox WorkCentre 65 1.02.055.2

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre M35 2.97.20.032

• Xerox cert_XRX04_010_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04_010_patch.zip

Xerox Document Centre 440

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox Document Centre 490

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox WorkCentre 40 Color 01.00.060

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre 90 1.001.00.060

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip


• Xerox cert_XRX04_010_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04_010_patch.zip

Xerox WorkCentre M35 4.97.20.025

• Xerox cert_XRX04_010_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04_010_patch.zip

Xerox WorkCentre 32 Color 01.00.060

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox Document Centre 460

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox WorkCentre +PS M55 1.01.108.1

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox Document Centre 240

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox WorkCentre +PS M35 1.02.358.3

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre 65 1.001.02.076.1

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip


• Xerox cert_XRX04_010_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04_010_patch.zip

Xerox WorkCentre 32 Color 01.02.053.1

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox Document Centre 255

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox WorkCentre 90 1.02.028.3

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox Document Centre 340

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox WorkCentre 90 1.00.60.3

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre 75 1.00.60.3

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox Document Centre 555

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox WorkCentre M55 2.97.20.032

• Xerox cert_XRX04_010_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04_010_patch.zip

Xerox WorkCentre 75 1.02.028.3

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox Document Centre 420

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox WorkCentre M55 4.97.20.025

• Xerox cert_XRX04_010_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04_010_patch.zip

Xerox WorkCentre 40 Color 01.02.058.4

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre M45 4.97.20.025

• Xerox cert_XRX04_010_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04_010_patch.zip

Xerox Document Centre 332

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox Document Centre 230

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip


• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox Document Centre 265

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox WorkCentre 65 1.02.028.3

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre Pro 35 1.02.353.1

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre Pro 55 1.02.353.1

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre +PS M45 1.01.108.1

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox Document Centre 545

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox WorkCentre 75 1.001.02.076.1

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip


• Xerox cert_XRX04_010_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04_010_patch.zip

Xerox WorkCentre 90 1.001.02.076.1

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip


• Xerox cert_XRX04_010_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04_010_patch.zip

Xerox WorkCentre 75 1.001.00.060

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip


• Xerox cert_XRX04_010_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04_010_patch.zip

Xerox WorkCentre 65 1.001.00.060

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip


• Xerox cert_XRX04_010_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04_010_patch.zip

Xerox Document Centre 432

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox Document Centre 535

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox WorkCentre Pro 35 1.01.108.1

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre +PS M55 1.02.358.3

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre Pro 45 1.02.353.1

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre 75 1.02.055.2

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre Pro 55 1.01.108.1

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre M55 4.84.16.000

• Xerox cert_XRX04_010_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04_010_patch.zip

Xerox WorkCentre Pro 45 1.01.108.1

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre 40 Color 01.02.053.1

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox WorkCentre +PS M45 1.02.358.3

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox Document Centre 430

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox WorkCentre 90 1.02.055.2

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox Document Centre 426

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox Document Centre 425

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox WorkCentre M35 4.84.16.000

• Xerox cert_XRX04_010_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04_010_patch.zip

Xerox Document Centre 220

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox WorkCentre Pro 40 Color

• Xerox cert_XRX05_001_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX05_001_patch.zip

Xerox WorkCentre 65 1.00.60.3

• Xerox cert_PS_Patch_WCP.zip
  http://www.xerox.com/downloads/usa/en/c/cert_PS_Patch_WCP.zip

Xerox Document Centre 480

• Xerox cert_XRX04A_patch.zip
  http://www.xerox.com/downloads/usa/en/c/cert_XRX04A_patch.zip

Xerox WorkCenter Pro ESS/ Network Controller Directory Traversal Vulnerability

References:

• XEROX SECURITY BULLETIN XRX04-003 - Vulnerability in the ESS/Network Controller (Xerox)
  
• XEROX SECURITY BULLETIN XRX04-005 - Vulnerability in the ESS/Network Controller (Xerox)
  
• XEROX SECURITY BULLETIN XRX04-010 - Vulnerability in the ESS/ Network Controller (Xerox)
  
• XEROX SECURITY BULLETIN XRX05-001 - PostScript Directory Traversal Vulnerability (Xerox)
  
• Xerox WorkCenter Pro 32/40 Home Page (Xerox)