• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RETIRED: Xerox WorkCentre/WorkCentre Pro Network Controller Remote Code Execution Vulnerability

Xerox WorkCentre/WorkCentre Pro are prone to a remote code-execution vulnerability because their ESS/Network Controllers fail to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. The issue occurs because of errors within the Samba code that handles printer-sharing services for SMB (Server Message Block) clients.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in a denial of service.

NOTE: This BID is being retired because the vulnerability is already documented in BID 29404 (Samba 'receive_smb_raw()' Buffer Overflow Vulnerability).