CVE-2011-4405

The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
canonicalubuntu_linux
11.04
canonicalubuntu_linux
11.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
system-config-printer
bullseye
1.5.14-1
fixed
squeeze
no-dsa
bookworm
1.5.18-1
fixed
sid
1.5.18-3
fixed
trixie
1.5.18-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
system-config-printer
oneiric
Fixed 1.3.6+20110831-0ubuntu9.4
released
natty
Fixed 1.3.1+20110222-0ubuntu16.5
released
maverick
not-affected
lucid
not-affected
hardy
ignored
Common Weakness Enumeration
References
http://osvdb.org/77214
http://secunia.com/advisories/46909
http://www.securityfocus.com/bid/50721
http://www.ubuntu.com/usn/USN-1265-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/71394
http://osvdb.org/77214
http://secunia.com/advisories/46909
http://www.securityfocus.com/bid/50721
http://www.ubuntu.com/usn/USN-1265-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/71394