CVE-2011-4405

EUVD-2011-4334
The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
11.04
canonicalubuntu_linux
11.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
system-config-printer
bookworm
1.5.18-1
fixed
bullseye
1.5.14-1
fixed
sid
1.5.18-3
fixed
squeeze
no-dsa
trixie
1.5.18-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
system-config-printer
hardy
ignored
lucid
not-affected
maverick
not-affected
natty
Fixed 1.3.1+20110222-0ubuntu16.5
released
oneiric
Fixed 1.3.6+20110831-0ubuntu9.4
released
Common Weakness Enumeration
References
http://osvdb.org/77214
http://secunia.com/advisories/46909
http://www.securityfocus.com/bid/50721
http://www.ubuntu.com/usn/USN-1265-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/71394
http://osvdb.org/77214
http://secunia.com/advisories/46909
http://www.securityfocus.com/bid/50721
http://www.ubuntu.com/usn/USN-1265-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/71394