Phaser 6500 Security Information
Xerox Security Bulletin XRX12-007 V1.1 (PDF 1M)
October 02, 2012
Disable software upgrades by default
NOTE: This bulletin has been re-posted as an additional product, the WorkCentre 6015N/I has been included.
The Xerox Phaser 6010, Phaser 6125, Phaser 6128MFP, Phaser 6130, Phaser 6140, Phaser 6180, Phaser 6180MFP, Phaser 6280, Phaser 6500, WorkCentre 3045NI, WorkCentre 6015N/I and the WorkCentre 6505 were shipped with software upgrades enabled by default. The firmware release which changes this default can be downloaded via the links inside the bulletin document. These firmware solutions are classified as Moderate updates.
NOTE: If software upgrade had previously been disabled, software upgrade must be ENABLED on the device at the Local User Interface before this firmware version can be loaded.
Please follow the instructions starting on page 2 for each affected product to install these firmware solutions.
Xerox Security Bulletin XRX12-003 v1.1 (PDF 185.5K)
March 07, 2012
NOTE: We are re-issuing this bulletin due to a spelling error of the name of one of the researchers. No technical content in the bulletin has changed.
Vulnerabilities exist that, if exploited, could allow remote attackers to insert arbitrary code into the device. This could occur with a specifically crafted Postscript or firmware job submitted to the device. If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed.
As part of Xerox’s on-going efforts to protect customers, the ability to accept these specially crafted jobs can be disabled for the affected products listed in the bulletin. Links for the software needed are contained inside the bulletin.
Phaser 6500 Statement Of Volatility (PDF 213.1K)
January 27, 2011