Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4405

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-4405
Last Modified 30 Nov 2011 12:11:27
Published 29 Nov 2011 12:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4405

Summary

The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 11.04

  • Canonical Ubuntu Linux 11.10


References

XF - systemconfigprinter-packages-mitm(71394)

UBUNTU - USN-1265-1

BID - 50721

SECUNIA - 46909

OSVDB - 77214

Related Patches

Novell SUSE 2012:5607 system-config-printer security update for SLE 11 SP1 i586

Novell SUSE 2012:5607 system-config-printer security update for SLE 11 SP1 x86_64


Last Updated: 27 May 2016 10:57:48