CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
78.4%
The cupsDoAuthentication function in auth.c in the client in CUPS before
1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for
authorization, which allows remote CUPS servers to cause a denial of
service (infinite loop) via HTTP_UNAUTHORIZED responses.
Author | Note |
---|---|
mdeslaur | hardy and more recent are compiled with HAVE_GSSAPI support, so we’re not affected by this. Dapper doesn’t seem to bail out after a certain number of renegotiation attempts. This may be a problem, need to investigate. |