system-config-printer vulnerability

2011-11-1700:00:00

ubuntu.com

6.3 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.035 Low

EPSS

Percentile

91.5%

JSON

Releases

Ubuntu 11.10
Ubuntu 11.04

Packages

system-config-printer - CUPS integration with HAL

Details

Marc Deslauriers discovered that system-config-printer’s cupshelpers
scripts used by the Ubuntu automatic printer driver download service
queried the OpenPrinting database using an insecure connection. If a remote
attacker were able to perform a machine-in-the-middle attack, this flaw could
be exploited to install altered packages and repositories.

OSVersionArchitecturePackageVersionFilename
Ubuntu11.10noarchpython-cupshelpers< 1.3.6+20110831-0ubuntu9.4UNKNOWN
Ubuntu11.10noarchsystem-config-printer-udev< 1.3.6+20110831-0ubuntu9.4UNKNOWN
Ubuntu11.04noarchpython-cupshelpers< 1.3.1+20110222-0ubuntu16.5UNKNOWN
Ubuntu11.04noarchsystem-config-printer-udev< 1.3.1+20110222-0ubuntu16.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	11.10	noarch	python-cupshelpers	< 1.3.6+20110831-0ubuntu9.4	UNKNOWN
Ubuntu	11.10	noarch	system-config-printer-udev	< 1.3.6+20110831-0ubuntu9.4	UNKNOWN
Ubuntu	11.04	noarch	python-cupshelpers	< 1.3.1+20110222-0ubuntu16.5	UNKNOWN
Ubuntu	11.04	noarch	system-config-printer-udev	< 1.3.1+20110222-0ubuntu16.5	UNKNOWN