CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
91.4%
Marc Deslauriers discovered that system-config-printer’s cupshelpers
scripts used by the Ubuntu automatic printer driver download service
queried the OpenPrinting database using an insecure connection. If a remote
attacker were able to perform a machine-in-the-middle attack, this flaw could
be exploited to install altered packages and repositories.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 11.10 | noarch | python-cupshelpers | < 1.3.6+20110831-0ubuntu9.4 | UNKNOWN |
Ubuntu | 11.10 | noarch | system-config-printer-udev | < 1.3.6+20110831-0ubuntu9.4 | UNKNOWN |
Ubuntu | 11.04 | noarch | python-cupshelpers | < 1.3.1+20110222-0ubuntu16.5 | UNKNOWN |
Ubuntu | 11.04 | noarch | system-config-printer-udev | < 1.3.1+20110222-0ubuntu16.5 | UNKNOWN |