GNU Bash "Shellshock" Security Vulnerability
November 13, 2014; information Updated December 05, 2014,
A critical security vulnerability has been reported in the GNU Bash "Shellshock", which is a common command line used in many Linux/UNIX operating systems.
KYOCERA has investigated whether or not its products, software and services are affected. The results are as follows.
KYOCERA products use a special embedded version of the Linux Operating System. There is no access to the Bash prompt from the network, operation panel, USB, or any other interface, therefore, KYOCERA printers and MFPs are not susceptible to the “Shellshock” vulnerability.
"Bash" environment is not implemented in following KYOCERA optional products, and therefore unaffected.
FAX System (*)
IB-23/IB-50/IB-51 / IB-110
"Bash" environment is not implemented in any KYOCERA software/utilities and therefore unaffected.
EFI™ Fiery Printing System(s) - Updated December 05, 2014,
The Fiery Printing System, optional on select KYOCERA color MFPs, uses an embedded Linux Operating System. EFI, the manufacturer of Fiery Printing Systems, has identified a vulnerability that they regard as a low security risk. EFI has created a patch to address the Shellshock vulnerability (Patch FIT 100698425.ps) that was made available on December 1st 2014. More information, as well as the patch itself, for all Linux based Fiery printer servers is available through EFIs System Update and Web Update. It is strongly recommended by EFI that this patch be immediately implemented to all potentially affected Fiery Printing Systems. For more information please speak with your local authorized dealer/reseller.
Cross-Site Scripting (XSS) Vulnerability in KYOCERA Command Center on MFPs/Printers
-- Problem fixed by updated firmware - please download the Technical FAQ --
in 2014 the vulnerability was found in the KYOCERA Command Center* (hereinafter referred to as Command Center) installed in below MFPs and Printers. Therefore Kyocera has developed a countermeasure against the Vulnerability of the Command Center by releasing Firmware* updates for the effected machines
*Note: KYOCERA Command Center refers to the web home page that is installed in the MFP/Printer from which you can verify the operating status of the machine and make settings related to security, network printing, e-mail transmission and advanced networking.
A malicious attacker could cause arbitrary scripting code to be executed on the client-side web browser while the user is accessing the Command Center.
To avoid such an effect, please do not access other web sites when accessing the Command Center as long the Firmware of the Kyocera device is equipped with older Firmware than discribed within the XSS FAQ Bulletin!
- ECOSYS FS-3640MFP / 3540MFP
- ECOSYS FS-6030MFP / 6025MFP
- ECOSYS FS- C2626MFP / C2526MFP
- ECOSYS FS- C2126MFP+ / C2026MFP+ / C2126MFP / C2026MFP
- ECOSYS FS- C8025MFP / C8020MFP
- TASKalfa 265ci
- ECOSYS FS-C5150DN / C5250DN
For more information click here (FAQ about the XSS vulnerability) or contact
- Your dealer
- Kyocera Documents Solutions Hotline
Shellshock Vulnerability in KYOCERA MFPs/Printers
October 03rd, 2014
Since some days security forums in the internet report about the availability of a new serious exploit named "Shellshock"
The "Shellshock" bug has been compared to "Heartbleed" partly because the software at the heart of the "Shellshock" bug, known as Bash, is also widely used in web servers and other types of devices such as e.g. printing and MFP devices.
But the good news is that not all computers running Bash are vulnerable by the “Shellshock” exploited.
Kyocera likes to inform our customers that the Kyocera devices and software listed up blow will be not vulnerable by the “Shellshock” exploit.
*Only the Fiery Printing System is still under investigation, the result of investigation will be informed soon.