Xerox DocuCentre / WorkCentre Postscript Interpreter Traversal (XRX05-001)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.

Synopsis :

The remote web server is prone to a directory traversal attack.

Description :

According to its model number and software versions, the remote host
is a Xerox Document Centre or WorkCentre device in which the
PostScript interpreter may allow unauthorized access to the underlying
directory structure. Using a specially crafted PostScript file, an
attacker could exploit this flaw and gain access to sensitive files on
the affected device, including its encrypted password file.

Solution :

Apply the appropriate patches as described in the Xerox security

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.8
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 18266

Bugtraq ID: 12335