Xerox WorkCentre Multiple Samba Vulnerabilities (XRX08-001)

Critical Nessus Plugin ID 29965


The remote multi-function device is affected by multiple issues.


According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly is affected by multiple buffer overflow and remote command injection issues. Using specially- crafted RPC requests, an unauthenticated attacker could leverage these issues to run arbitrary code on the affected device or make unauthorized changes to its system configuration.


Apply the P32 patch as described in the Xerox security bulletin referenced above.

See Also

Plugin Details

Severity: Critical

ID: 29965

File Name: xerox_xrx08_001.nasl

Version: $Revision: 1.15 $

Type: remote

Family: Misc.

Published: 2008/01/14

Modified: 2016/05/04

Dependencies: 18141

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:ND/RC:ND

Vulnerability Information

CPE: cpe:/h:xerox:workcentre

Required KB Items: www/xerox_workcentre

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/07/11

Vulnerability Publication Date: 2007/05/14

Exploitable With


Core Impact

Metasploit (Samba "username map script" Command Execution)

Reference Information

CVE: CVE-2007-2446, CVE-2007-2447

BID: 23972, 23973, 24195, 24196, 24197, 24198

OSVDB: 34699, 34700, 34731, 34732, 34733