Vulnerability CVE-2006-1136

Vulnerability Name:

CVE-2006-1136 (CCN-25172)

Assigned:

2006-03-06

Published:

2006-03-06

Updated:

2018-09-27

Summary:

Buffer overflow in the PostScript file interpreter code for Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows attackers to cause a denial of service via unknown vectors.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2006-1136

Source: CCN
Type: SA19146
Xerox CopyCentre / WorkCentre Pro Multiple Denial of Service Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
19146

Source: CCN
Type: SECTRACK ID: 1015738
Xerox WorkCentre Pro Multiple PostScript Processing Errors Let Remote Users Deny Service

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1015738

Source: OSVDB
Type: Broken Link
23724

Source: CCN
Type: OSVDB ID: 23724
XEROX CopyCentre/WorkCentre PostScript File Interpreter Overflow

Source: BID
Type: Third Party Advisory, VDB Entry
17014

Source: CCN
Type: BID-17014
Xerox WorkCentre / CopyCentre Multiple Vulnerabilities

Source: VUPEN
Type: Permissions Required, Third Party Advisory
ADV-2006-0857

Source: CCN
Type: XEROX SECURITY BULLETIN XRX06-002
System software versions available to address denial of service and other vulnerabilities in ESS

Source: CONFIRM
Type: Broken Link, Vendor Advisory
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf

Source: XF
Type: Third Party Advisory, VDB Entry
xerox-postscript-interpreter-dos(25172)

Source: XF
Type: UNKNOWN
xerox-postscript-interpreter-dos(25172)

Vulnerable Configuration:

Configuration 1:

cpe:/h:xerox:copycentre_c65:*:*:*:*:*:*:*:* (Version <= 1.001.02.073)

OR cpe:/h:xerox:copycentre_c65:*:*:*:*:*:*:*:* (Version >= 1.001.02.074 and < 1.001.02.0715)

OR cpe:/h:xerox:copycentre_c75:*:*:*:*:*:*:*:* (Version <= 1.001.02.073)

OR cpe:/h:xerox:copycentre_c75:*:*:*:*:*:*:*:* (Version >= 1.001.02.074 and < 1.001.02.0715)

OR cpe:/h:xerox:copycentre_c90:*:*:*:*:*:*:*:* (Version <= 1.001.02.073)

OR cpe:/h:xerox:copycentre_c90:*:*:*:*:*:*:*:* (Version >= 1.001.02.074 and < 1.001.02.0715)

OR cpe:/h:xerox:workcentre_65:*:*:pro:*:*:*:*:* (Version <= 1.001.02.073)

OR cpe:/h:xerox:workcentre_65:*:*:pro:*:*:*:*:* (Version >= 1.001.02.074 and < 1.001.02.0715)

OR cpe:/h:xerox:workcentre_75:*:*:pro:*:*:*:*:* (Version <= 1.001.02.073)

OR cpe:/h:xerox:workcentre_75:*:*:pro:*:*:*:*:* (Version >= 1.001.02.074 and < 1.001.02.0715)

OR cpe:/h:xerox:workcentre_90:*:*:pro:*:*:*:*:* (Version <= 1.001.02.073)

OR cpe:/h:xerox:workcentre_90:*:*:pro:*:*:*:*:* (Version >= 1.001.02.074 and < 1.001.02.0715)

Configuration CCN 1:

cpe:/h:xerox:copycentre_c65:1.001.02.0715:*:*:*:*:*:*:*

OR cpe:/h:xerox:copycentre_c65:1.001.02.073:*:*:*:*:*:*:*

OR cpe:/h:xerox:copycentre_c75:1.001.02.0715:*:*:*:*:*:*:*

OR cpe:/h:xerox:copycentre_c75:1.001.02.073:*:*:*:*:*:*:*

OR cpe:/h:xerox:copycentre_c90:1.001.02.0715:*:*:*:*:*:*:*

OR cpe:/h:xerox:copycentre_c90:1.001.02.073:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK