CVE-2011-4405

The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/77214
http://secunia.com/advisories/46909	Vendor Advisory
http://www.securityfocus.com/bid/50721
http://www.ubuntu.com/usn/USN-1265-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/71394

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*

History

No history.

Information

Published : 2011-11-29 17:55

Updated : 2024-02-04 17:54

NVD link : CVE-2011-4405

Mitre link : CVE-2011-4405

CVE.ORG link : CVE-2011-4405

JSON object : View

Products Affected

canonical

ubuntu_linux

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2011-4405", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-11-29T17:55:02.387", "references": [{"url": "http://osvdb.org/77214", "source": "security@ubuntu.com"}, {"url": "http://secunia.com/advisories/46909", "tags": ["Vendor Advisory"], "source": "security@ubuntu.com"}, {"url": "http://www.securityfocus.com/bid/50721", "source": "security@ubuntu.com"}, {"url": "http://www.ubuntu.com/usn/USN-1265-1", "source": "security@ubuntu.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71394", "source": "security@ubuntu.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an \"insecure connection\" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories."}, {"lang": "es", "value": "Los scripts cupshelpers en system-config-printer en Ubuntu v11.04 y v11.10, como es usado por el servicio de descarga del controlador autom\u00e1tico de impresi\u00f3n, usa una \"conexi\u00f3n insegura\" para peticiones de la base de datos OpenPrinting, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un ataque 'man-in-the-middle (MITM)' que modifica paquetes o repositorios."}], "lastModified": "2017-08-29T01:30:29.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38"}], "operator": "OR"}]}], "sourceIdentifier": "security@ubuntu.com"}