CVE-2011-4405

{"id": "CVE-2011-4405", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-11-29T17:55:02.387", "references": [{"url": "http://osvdb.org/77214", "source": "security@ubuntu.com"}, {"url": "http://secunia.com/advisories/46909", "tags": ["Vendor Advisory"], "source": "security@ubuntu.com"}, {"url": "http://www.securityfocus.com/bid/50721", "source": "security@ubuntu.com"}, {"url": "http://www.ubuntu.com/usn/USN-1265-1", "source": "security@ubuntu.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71394", "source": "security@ubuntu.com"}, {"url": "http://osvdb.org/77214", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/46909", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/50721", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-1265-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71394", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an \"insecure connection\" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories."}, {"lang": "es", "value": "Los scripts cupshelpers en system-config-printer en Ubuntu v11.04 y v11.10, como es usado por el servicio de descarga del controlador autom\u00e1tico de impresi\u00f3n, usa una \"conexi\u00f3n insegura\" para peticiones de la base de datos OpenPrinting, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un ataque 'man-in-the-middle (MITM)' que modifica paquetes o repositorios."}], "lastModified": "2024-11-21T01:32:20.760", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38"}], "operator": "OR"}]}], "sourceIdentifier": "security@ubuntu.com"}