CVE-2011-4405

The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
11.04
canonicalubuntu_linux
11.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
system-config-printer
bookworm
1.5.18-1
fixed
bullseye
1.5.14-1
fixed
sid
1.5.18-3
fixed
squeeze
no-dsa
trixie
1.5.18-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
system-config-printer
hardy
ignored
lucid
not-affected
maverick
not-affected
natty
Fixed 1.3.1+20110222-0ubuntu16.5
released
oneiric
Fixed 1.3.6+20110831-0ubuntu9.4
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
python-cupshelpers
suse enterprise sap 12 SP5
1.5.7-7.5
fixed
suse enterprise server 12
1.4.5-1.5
fixed
suse enterprise server 12 SP1
1.4.5-1.5
fixed
suse enterprise server 12 SP2
1.5.7-7.5
fixed
suse enterprise server 12 SP3
1.5.7-7.5
fixed
suse enterprise server 12 SP4
1.5.7-7.5
fixed
suse enterprise server 12 SP5
1.5.7-7.5
fixed
system-config-printer
suse enterprise sap 12 SP5
1.5.7-7.5
fixed
suse enterprise server 12
1.4.5-1.5
fixed
suse enterprise server 12 SP1
1.4.5-1.5
fixed
suse enterprise server 12 SP2
1.5.7-7.5
fixed
suse enterprise server 12 SP3
1.5.7-7.5
fixed
suse enterprise server 12 SP4
1.5.7-7.5
fixed
suse enterprise server 12 SP5
1.5.7-7.5
fixed
system-config-printer-common
suse enterprise sap 12 SP5
1.5.7-7.5
fixed
suse enterprise server 12
1.4.5-1.5
fixed
suse enterprise server 12 SP1
1.4.5-1.5
fixed
suse enterprise server 12 SP2
1.5.7-7.5
fixed
suse enterprise server 12 SP3
1.5.7-7.5
fixed
suse enterprise server 12 SP4
1.5.7-7.5
fixed
suse enterprise server 12 SP5
1.5.7-7.5
fixed
system-config-printer-common-lang
suse enterprise sap 12 SP5
1.5.7-7.5
fixed
suse enterprise server 12
1.4.5-1.5
fixed
suse enterprise server 12 SP1
1.4.5-1.5
fixed
suse enterprise server 12 SP2
1.5.7-7.5
fixed
suse enterprise server 12 SP3
1.5.7-7.5
fixed
suse enterprise server 12 SP4
1.5.7-7.5
fixed
suse enterprise server 12 SP5
1.5.7-7.5
fixed
system-config-printer-dbus-service
suse enterprise sap 12 SP5
1.5.7-7.5
fixed
suse enterprise server 12
1.4.5-1.5
fixed
suse enterprise server 12 SP1
1.4.5-1.5
fixed
suse enterprise server 12 SP2
1.5.7-7.5
fixed
suse enterprise server 12 SP3
1.5.7-7.5
fixed
suse enterprise server 12 SP4
1.5.7-7.5
fixed
suse enterprise server 12 SP5
1.5.7-7.5
fixed
udev-configure-printer
suse enterprise sap 12 SP5
1.5.7-7.5
fixed
suse enterprise server 12
1.4.5-1.5
fixed
suse enterprise server 12 SP1
1.4.5-1.5
fixed
suse enterprise server 12 SP2
1.5.7-7.5
fixed
suse enterprise server 12 SP3
1.5.7-7.5
fixed
suse enterprise server 12 SP4
1.5.7-7.5
fixed
suse enterprise server 12 SP5
1.5.7-7.5
fixed
Common Weakness Enumeration
References
http://osvdb.org/77214
http://secunia.com/advisories/46909
http://www.securityfocus.com/bid/50721
http://www.ubuntu.com/usn/USN-1265-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/71394
http://osvdb.org/77214
http://secunia.com/advisories/46909
http://www.securityfocus.com/bid/50721
http://www.ubuntu.com/usn/USN-1265-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/71394