CVE-2010-2432
Priority
Low
Description
The cupsDoAuthentication function in auth.c in the client in CUPS before
1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for
authorization, which allows remote CUPS servers to cause a denial of
service (infinite loop) via HTTP_UNAUTHORIZED responses.
1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for
authorization, which allows remote CUPS servers to cause a denial of
service (infinite loop) via HTTP_UNAUTHORIZED responses.
References
Notes
mdeslaur> hardy and more recent are compiled with HAVE_GSSAPI support, so
mdeslaur> we're not affected by this. Dapper doesn't seem to bail out
mdeslaur> after a certain number of renegotiation attempts. This may be
mdeslaur> a problem, need to investigate.
mdeslaur> we're not affected by this. Dapper doesn't seem to bail out
mdeslaur> after a certain number of renegotiation attempts. This may be
mdeslaur> a problem, need to investigate.
Package
| Upstream: | released (1.4.4) |
| Ubuntu 8.04 LTS (Hardy Heron): | not-affected |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
Package
| Upstream: | released (1.4.4) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected |
| Ubuntu 11.04 (Natty Narwhal): | not-affected |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected |