Lucene search
Ubuntu.comUB:CVE-2010-2432HistoryJun 22, 2010 - 12:00 a.m.
CVE-2010-2432
2010-06-2200:00:00
ubuntu.com
ubuntu.com
14
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.006
Percentile
78.4%
The cupsDoAuthentication function in auth.c in the client in CUPS before
1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for
authorization, which allows remote CUPS servers to cause a denial of
service (infinite loop) via HTTP_UNAUTHORIZED responses.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | hardy and more recent are compiled with HAVE_GSSAPI support, so we’re not affected by this. Dapper doesn’t seem to bail out after a certain number of renegotiation attempts. This may be a problem, need to investigate. |
Related
cve
cve
CVE-2010-2432
2010-06-22 20:30:01
cvelist
cvelist
CVE-2010-2432
2010-06-22 20:24:00
prion
prion
Authorization
2010-06-22 20:30:00
debiancve
debiancve
CVE-2010-2432
2010-06-22 20:30:01
nvd
nvd
CVE-2010-2432
2010-06-22 20:30:01
openvas
openvas
CUPS < 1.4.4 Multiple DoS and Privilege Escalation Vulnerabilities
2010-06-21 00:00:00
Mandriva Update for cups MDVSA-2011:146 (cups)
2011-10-14 00:00:00
Mandriva Update for cups MDVSA-2011:146 (cups)
2011-10-14 00:00:00
nessus
nessus
SuSE 11.1 Security Update : CUPS (SAT Patch Number 5180)
2011-12-13 00:00:00
Mandriva Linux Security Advisory : cups (MDVSA-2011:146)
2011-10-11 00:00:00
CUPS < 1.4.4 Multiple Vulnerabilities
2010-07-08 00:00:00
osv
osv
cups - several
2011-03-02 00:00:00
debian
debian
[SECURITY] [DSA 2176-1] cups security update
2011-03-01 23:31:10
gentoo
gentoo
CUPS: Multiple vulnerabilities
2012-07-09 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.006
Percentile
78.4%
Related for UB:CVE-2010-2432