The cupsDoAuthentication function in auth.c in the client in CUPS before
1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for
authorization, which allows remote CUPS servers to cause a denial of
service (infinite loop) via HTTP_UNAUTHORIZED responses.
mdeslaur> hardy and more recent are compiled with HAVE_GSSAPI support, so
mdeslaur> we're not affected by this. Dapper doesn't seem to bail out
mdeslaur> after a certain number of renegotiation attempts. This may be
mdeslaur> a problem, need to investigate.
|Ubuntu 8.04 LTS (Hardy Heron):||not-affected
|Ubuntu 10.04 LTS (Lucid Lynx):||DNE
|Ubuntu 11.04 (Natty Narwhal):||DNE
|Ubuntu 11.10 (Oneiric Ocelot):||DNE
Updated: 2012-06-01 15:21:08 UTC (commit 5347)