CVE-2010-2432

Priority
Low
Description
The cupsDoAuthentication function in auth.c in the client in CUPS before
1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for
authorization, which allows remote CUPS servers to cause a denial of
service (infinite loop) via HTTP_UNAUTHORIZED responses.
References
Bugs
Notes
mdeslaur> hardy and more recent are compiled with HAVE_GSSAPI support, so
mdeslaur> we're not affected by this. Dapper doesn't seem to bail out
mdeslaur> after a certain number of renegotiation attempts. This may be
mdeslaur> a problem, need to investigate.
Package
Upstream:released (1.4.4)
Ubuntu 8.04 LTS (Hardy Heron):not-affected
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Package
Source: cups (LP Ubuntu Debian)
Upstream:released (1.4.4)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):not-affected
Ubuntu 11.10 (Oneiric Ocelot):not-affected
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:21:08 UTC (commit 5347)