VAR-201002-0311
Vulnerability from variot - Updated: 2022-05-17 01:38Xerox WorkCentre is a digital print and copy machine. A buffer overflow vulnerability exists in Xerox WorkCentre's PJL daemon implementation. A remote attacker can cause a crash by sending a malicious request message to the service. The device must be hard restarted before it can resume operation. Xerox WorkCentre is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with the privileges of the application or crash the affected application. Xerox WorkCentre 4150 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/
TITLE: Xerox WorkCentre 4150 PJL Daemon Denial of Service
SECUNIA ADVISORY ID: SA38411
VERIFY ADVISORY: http://secunia.com/advisories/38411/
DESCRIPTION: A vulnerability has been reported in Xerox WorkCentre 4150, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the PJL daemon and can be exploited to cause a crash via a specially crafted packet sent to TCP port 9100.
SOLUTION: A patch is reportedly available. Please contact the vendor for more information.
PROVIDED AND/OR DISCOVERED BY: Francis Provencher, Protek Research Lab's
ORIGINAL ADVISORY: http://www.protekresearchlab.com/2010/01/prl-xerox-workcenter-4150-remote-buffer.html
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201002-0311",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "workcentre",
"scope": "eq",
"trust": 0.9,
"vendor": "xerox",
"version": "4150"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0190"
},
{
"db": "BID",
"id": "38010"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Francis Provencher",
"sources": [
{
"db": "BID",
"id": "38010"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xerox WorkCentre is a digital print and copy machine. A buffer overflow vulnerability exists in Xerox WorkCentre\u0027s PJL daemon implementation. A remote attacker can cause a crash by sending a malicious request message to the service. The device must be hard restarted before it can resume operation. Xerox WorkCentre is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to execute arbitrary code with the privileges of the application or crash the affected application. \nXerox WorkCentre 4150 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\n\n\nSecunia integrated with Microsoft WSUS \nhttp://secunia.com/blog/71/\n\n\n\n----------------------------------------------------------------------\n\nTITLE:\nXerox WorkCentre 4150 PJL Daemon Denial of Service\n\nSECUNIA ADVISORY ID:\nSA38411\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38411/\n\nDESCRIPTION:\nA vulnerability has been reported in Xerox WorkCentre 4150, which can\nbe exploited by malicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to an error in the PJL daemon and can\nbe exploited to cause a crash via a specially crafted packet sent to\nTCP port 9100. \n\nSOLUTION:\nA patch is reportedly available. Please contact the vendor for more\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nFrancis Provencher, Protek Research Lab\u0027s\n\nORIGINAL ADVISORY:\nhttp://www.protekresearchlab.com/2010/01/prl-xerox-workcenter-4150-remote-buffer.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0190"
},
{
"db": "BID",
"id": "38010"
},
{
"db": "PACKETSTORM",
"id": "85903"
}
],
"trust": 0.9
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "38010",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "38411",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2010-0190",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "85903",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0190"
},
{
"db": "BID",
"id": "38010"
},
{
"db": "PACKETSTORM",
"id": "85903"
}
]
},
"id": "VAR-201002-0311",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0190"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0190"
}
]
},
"last_update_date": "2022-05-17T01:38:39.560000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.7,
"url": "http://secunia.com/advisories/38411/"
},
{
"trust": 0.3,
"url": "http://www.office.xerox.com/multifunction-printer/multifunction-over-30ppm/workcentre-4150/enus.html"
},
{
"trust": 0.3,
"url": "http://www.xerox.com"
},
{
"trust": 0.3,
"url": "/archive/1/509275"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/71/"
},
{
"trust": 0.1,
"url": "http://www.protekresearchlab.com/2010/01/prl-xerox-workcenter-4150-remote-buffer.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0190"
},
{
"db": "BID",
"id": "38010"
},
{
"db": "PACKETSTORM",
"id": "85903"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-0190"
},
{
"db": "BID",
"id": "38010"
},
{
"db": "PACKETSTORM",
"id": "85903"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-02-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0190"
},
{
"date": "2009-12-31T00:00:00",
"db": "BID",
"id": "38010"
},
{
"date": "2010-02-03T10:02:56",
"db": "PACKETSTORM",
"id": "85903"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-02-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0190"
},
{
"date": "2010-02-01T17:31:00",
"db": "BID",
"id": "38010"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "38010"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xerox WorkCentre PJL Daemon Remote Overflow Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0190"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "38010"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…