lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: 16 Jan 2004 15:34:49 -0000
From: K.Schleede <USA.DSSC.Doc.Feedback@...ox.com>
To: bugtraq@...urityfocus.com
Subject: Re: Security bug in Xerox Document Centre


In-Reply-To: <20031220000206.17997.qmail@...www1-symnsj.securityfocus.com>

Thank you, Mr. Gutierrez and Mr. Pierce, for finding and pointing out the HTTP web page security vulnerability. (Originally posted, 19 December 2003.)

The Office Group, worldwide has developed action plans that seem to be most appropriate to address the recently discovered security vulnerability issue on Document Centre and WorkCentre / WorkCentre Pro products. Most of these products have patches available today, the rest will have them as soon as they can be finished.

For customers concerned about hackers attempting to access Document Centre / WorkCentre Pro (connected) products, a "patch" has been (or will be) created to eliminate this vulnerability.  Each family of products has/will have a patch customized for that family.   The patches can be installed by the customer's IT department or SA.
------------------------------------------------------------------------
Each customer who would like to have one or more of these patches should contact their support organization.  
------------------------------------------------------------------------
The support group will help them determine which patches they need and ensure the customer gets the patches and instructions to install them.  Please contact your typical support organization via phone.  The correct phone number for your country can be found at www.xerox.com. (Choose your region from the very top pull-down box.)

Xerox development teams take any security issue extremely seriously and are firmly committed to resolving them as soon as possible in order to continue to provide our customers with the most dependable network security available.

Other security information about Xerox products is available at www.xerox.com/security.

Please consult the bulletin "Xerox MicroServer Web Server Vulnerability: Xerox Security Bulletin XRX04-001"  located at that site for instructions on how to obtain a patch for your product.

Security issues in Xerox products can be reported to Xerox via your normal support organization (preferred) or the email address: USA.DSSC.Doc.Feedback@...usa.xerox.com.

Thank you for your patience while we worked to resolve this problem!

Powered by blists - more mailing lists