CVE-2010-2432

Priority
Low
Description
The cupsDoAuthentication function in auth.c in the client in CUPS before
1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for
authorization, which allows remote CUPS servers to cause a denial of
service (infinite loop) via HTTP_UNAUTHORIZED responses.
References
Bugs
Notes
 mdeslaur> hardy and more recent are compiled with HAVE_GSSAPI support, so
 mdeslaur> we're not affected by this. Dapper doesn't seem to bail out
 mdeslaur> after a certain number of renegotiation attempts. This may be
 mdeslaur> a problem, need to investigate.
Package
Upstream:released (1.4.4)
Package
Source: cups (LP Ubuntu Debian)
Upstream:released (1.4.4)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:38:43 UTC (commit 9756)