Xerox WorkCentre Multiple Page Fax Information Disclosure Vulnerability

Bugtraq ID:	12787
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Mar 11 2005 12:00AM
Updated:	Mar 11 2005 12:00AM
Credit:	The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.
Vulnerable:	Xerox WorkCentre M24 1.0 1 Xerox WorkCentre M24 1.0
Not Vulnerable:

Xerox WorkCentre Multiple Page Fax Information Disclosure Vulnerability

An information disclosure vulnerability affects Xerox WorkCentre devices. This issue is due to a design error that may facilitate information disclosure under certain extreme conditions when an unsuspecting user sends a multi-page fax.

This issue may facilitate the disclosure of potentially sensitive information.

Xerox WorkCentre Multiple Page Fax Information Disclosure Vulnerability

No exploit is required to leverage this issue.

Xerox WorkCentre Multiple Page Fax Information Disclosure Vulnerability

Solution:
The vendor has released SECURITY BULLETIN XRX 05-002 dealing with this issue. The vendor advises that affected users contact the Xerox Welcome Center at 1-800-821-2797 in North America or their Xerox Service provider in other parts of the world. Please see the referenced advisory for more information.

Xerox WorkCentre Multiple Page Fax Information Disclosure Vulnerability

References:

• XEROX SECURITY BULLETIN XRX 05-002: Vulnerability in WorkCentre fax software (Xerox)