CVE-2011-4405

2011-11-2917:55:02

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.032

Percentile

91.4%

JSON

The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an “insecure connection” for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.

OSVersionArchitecturePackageVersionFilename
Debian12allsystem-config-printer< 1.3.7-1system-config-printer_1.3.7-1_all.deb
Debian11allsystem-config-printer< 1.3.7-1system-config-printer_1.3.7-1_all.deb
Debian999allsystem-config-printer< 1.3.7-1system-config-printer_1.3.7-1_all.deb
Debian13allsystem-config-printer< 1.3.7-1system-config-printer_1.3.7-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	system-config-printer	< 1.3.7-1	system-config-printer_1.3.7-1_all.deb
Debian	11	all	system-config-printer	< 1.3.7-1	system-config-printer_1.3.7-1_all.deb
Debian	999	all	system-config-printer	< 1.3.7-1	system-config-printer_1.3.7-1_all.deb
Debian	13	all	system-config-printer	< 1.3.7-1	system-config-printer_1.3.7-1_all.deb