Lucene search

PRIOn knowledge basePRION:CVE-2011-4405

HistoryNov 29, 2011 - 5:55 p.m.

Deserialization of untrusted data

2011-11-2917:55:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.035 Low

EPSS

Percentile

91.3%

JSON

The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an “insecure connection” for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.

CPENameOperatorVersion
ubuntu_linuxeq11.04
ubuntu_linuxeq11.10

CPE	Name	Operator	Version
	ubuntu_linux	eq	11.04
	ubuntu_linux	eq	11.10

References

osvdb.org/77214

secunia.com/advisories/46909

www.securityfocus.com/bid/50721

www.ubuntu.com/usn/USN-1265-1

exchange.xforce.ibmcloud.com/vulnerabilities/71394

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.035 Low

EPSS

Percentile

91.3%

JSON

Related for PRION:CVE-2011-4405