Re: Security bug in Xerox Document Centre

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Security bug in Xerox Document Centre
From: K.Schleede <USA.DSSC.Doc.Feedback@xxxxxxxxx>
Date: 16 Jan 2004 15:34:49 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In-Reply-To: <20031220000206.17997.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>

Thank you, Mr. Gutierrez and Mr. Pierce, for finding and pointing out the HTTP 
web page security vulnerability. (Originally posted, 19 December 2003.)

The Office Group, worldwide has developed action plans that seem to be most 
appropriate to address the recently discovered security vulnerability issue on 
Document Centre and WorkCentre / WorkCentre Pro products. Most of these 
products have patches available today, the rest will have them as soon as they 
can be finished.

For customers concerned about hackers attempting to access Document Centre / 
WorkCentre Pro (connected) products, a "patch" has been (or will be) created to 
eliminate this vulnerability.  Each family of products has/will have a patch 
customized for that family.   The patches can be installed by the customer's IT 
department or SA.
------------------------------------------------------------------------
Each customer who would like to have one or more of these patches should 
contact their support organization.  
------------------------------------------------------------------------
The support group will help them determine which patches they need and ensure 
the customer gets the patches and instructions to install them.  Please contact 
your typical support organization via phone.  The correct phone number for your 
country can be found at www.xerox.com. (Choose your region from the very top 
pull-down box.)

Xerox development teams take any security issue extremely seriously and are 
firmly committed to resolving them as soon as possible in order to continue to 
provide our customers with the most dependable network security available.

Other security information about Xerox products is available at 
www.xerox.com/security.

Please consult the bulletin "Xerox MicroServer Web Server Vulnerability: Xerox 
Security Bulletin XRX04-001"  located at that site for instructions on how to 
obtain a patch for your product.

Security issues in Xerox products can be reported to Xerox via your normal 
support organization (preferred) or the email address: 
USA.DSSC.Doc.Feedback@xxxxxxxxxxxxxxxxx

Thank you for your patience while we worked to resolve this problem!

Prev by Date: OpenSSL ASN.1 parsing bugs PoC / brute forcer
Next by Date: The Bat! 2.01 memory corruption
Previous by thread: Re: Security bug in Xerox Document Centre
Next by thread: [Exploit]: DameWare Mini Remote Control Server Overflow Exploit
Index(es):
- Date
- Thread