CVE-2011-4405

2011-11-2917:55:00

Debian Security Bug Tracker

security-tracker.debian.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.035 Low

EPSS

Percentile

91.5%

JSON

The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an “insecure connection” for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.

OSVersionArchitecturePackageVersionFilename
Debian12allsystem-config-printer< 1.3.7-1system-config-printer_1.3.7-1_all.deb
Debian11allsystem-config-printer< 1.3.7-1system-config-printer_1.3.7-1_all.deb
Debian10allsystem-config-printer< 1.3.7-1system-config-printer_1.3.7-1_all.deb
Debian999allsystem-config-printer< 1.3.7-1system-config-printer_1.3.7-1_all.deb
Debian13allsystem-config-printer< 1.3.7-1system-config-printer_1.3.7-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	system-config-printer	< 1.3.7-1	system-config-printer_1.3.7-1_all.deb
Debian	11	all	system-config-printer	< 1.3.7-1	system-config-printer_1.3.7-1_all.deb
Debian	10	all	system-config-printer	< 1.3.7-1	system-config-printer_1.3.7-1_all.deb
Debian	999	all	system-config-printer	< 1.3.7-1	system-config-printer_1.3.7-1_all.deb
Debian	13	all	system-config-printer	< 1.3.7-1	system-config-printer_1.3.7-1_all.deb