CVE-2011-4405: Input Validation
First published: Tue Nov 29 2011(Updated: )
The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu | =11.04 | |
| Ubuntu | =11.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-4405?
CVE-2011-4405 is classified as a critical vulnerability that allows remote code execution.
How do I fix CVE-2011-4405?
To mitigate CVE-2011-4405, update your Ubuntu system to a supported version where this vulnerability has been patched.
What software is affected by CVE-2011-4405?
CVE-2011-4405 affects Ubuntu 11.04 and 11.10 running the cupshelpers scripts in system-config-printer.
What are the risks associated with CVE-2011-4405?
The primary risk of CVE-2011-4405 is the potential for remote attackers to execute arbitrary code on vulnerable systems.
Is there a workaround for CVE-2011-4405?
A potential workaround for CVE-2011-4405 is to disable the automatic printer driver download service until the system can be updated.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/11.04
- version/ubuntu/11.10