CVE-2011-4405

Ubuntu Linux 11.04 and 11.10 - Remote Code Execution via Insecure OpenPrinting Database Connection

Title source: manual
STIX 2.1

Description

The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/77214
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46909
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/50721
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71394
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1265-1

Scores

EPSS 0.0349
EPSS Percentile 87.8%

Details

CWE
CWE-20
Status published
Products (2)
canonical/ubuntu_linux 11.04
canonical/ubuntu_linux 11.10
Published Nov 29, 2011
Tracked Since Feb 18, 2026