14 DAY TRIAL // Printer manufacturer Xerox has issued a security patch for several models of its WorkCentre multifunction devices in order to address a critical buffer overflow vulnerability.
The vulnerability affects network-connected all-in-one printers capable of storing documents and is located in the Samba file sharing service.
The flaw, identified as CVE-2010-2063, was discovered by Jun Mao of iDefense Labs and was patched in Samba 3.3.12 in June 2010.
The patch was subsequently ported to many operating systems and devices that make use of the open source package.
The flaw carries a base score of 7.5 on the CVSS scale and can be exploited to crash the system or execute arbitrary code by sending maliciously crafted Service Message Block (SMB) packets.
In the context of Xerox printers this vulnerability can be leveraged to make unauthorized changes to the configuration, though the vendor notes that usernames and passwords are not at risk.
Customers with Xerox WorkCentre 5735, 5740, 5745, 5755, 5765, 5775, 5790 whose system software is version 061.130.000.04205 to 061.131.201.06200 and network controller version is 061.130.06150 to 061.131.06220 are advised to install the newly released P47 patch.
The vendor warns that some network vulnerability scanners might still detect the printers are vulnerable even with the patch applied.
"This is because current network vulnerability scanners can look for the version of Open Source components like Samba implemented in the software to determine potential vulnerabilities, and the P47 patch does not cause the version of Samba to change," Xerox explains in its security bulletin [pdf].
Admins can deploy the patch in several ways, including using the machine upgrade option on the device's web page, using a batch of LPR commands and using XDM or CentreWare Web.
Attacks against printers, although mostly theoretical, are not unheard of. In January, at the ShmooCon security conference, a pair of researchers presented a proof-of-concept attack against networked printers.