Xerox Security Bulletin XRX14-005
Bash Shellshock Command Line Interpreter Vulnerability
v1.1
10/17/14
Background
A vulnerability has been discovered in the Bash command shell that can allow attackers to remotely execute commands on a target system. Even systems that don't allow remote command shell connections may still use Bash to execute commands in the Apache web server and other network-facing applications. Unix and Unix-derived systems like Linux and Mac OS X are vulnerable to these attacks since they use Bash as the default command shell.
A software solution consisting of two zip files, each one containing a patch, is provided for the products listed below. This solution will replace the affected version of Bash with an unaffected version of Bash in the Linux Operating System for the affected products.
This solution is designed to be installed by the customer. Each software patch is compressed into a 311 KB zip file and can be accessed via the links below or via the links following this bulletin announcement on www.xerox.com/security.
Patch for applicable software system versions '.071.xxx.yyy.xzzzz': SSConnectKey.071v2.zip
http://www.xerox.com/downloads/usa/en/s/SSConnectKey.071v2.zip
Patch for software system versions '.072.xxx.yyy.xzzzz': SSConnectKey.072v2.zip
http://www.xerox.com/downloads/usa/en/s/SSConnectKey.072v2.zip
This solution is classified as a Critical patch. Please follow the instructions starting on page 2 for each affected product to install the relevant security patch.
Applicability
This patch applies only to network-connected versions of the following products:
ColorQube® 8700, 8900, 9301, 9302, 9303
WorkCentre® 3655, 5845, 5855, 5865, 5875, 5890, 5945, 5955, 6655, 7220, 7225, 7830, 7835, 7845, 7855, 7970