CVE-2011-4405

Publication date 17 November 2011

Last updated 24 July 2024

The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
system-config-printer	11.10 oneiric	Fixed 1.3.6+20110831-0ubuntu9.4
	11.04 natty	Fixed 1.3.1+20110222-0ubuntu16.5
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Ignored end of life

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

fingerprints are only supported on natty+

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1265-1
system-config-printer vulnerability
17 November 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-4405