Candidate: CVE-2010-2432
PublicDate: 2010-06-22 20:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2432
 http://cups.org/articles.php?L596
Description:
 The cupsDoAuthentication function in auth.c in the client in CUPS before
 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for
 authorization, which allows remote CUPS servers to cause a denial of
 service (infinite loop) via HTTP_UNAUTHORIZED responses.
Ubuntu-Description:
Notes:
 mdeslaur> hardy and more recent are compiled with HAVE_GSSAPI support, so
 mdeslaur> we're not affected by this. Dapper doesn't seem to bail out
 mdeslaur> after a certain number of renegotiation attempts. This may be
 mdeslaur> a problem, need to investigate.
Bugs:
 http://cups.org/str.php?L3518
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_cups:
upstream_cups: released (1.4.4)
dapper_cups: DNE
hardy_cups: DNE
jaunty_cups: not-affected
karmic_cups: not-affected
lucid_cups: not-affected
maverick_cups: not-affected
natty_cups: not-affected
devel_cups: not-affected

Patches_cupsys:
upstream_cupsys: released (1.4.4)
dapper_cupsys: ignored (reached end-of-life)
hardy_cupsys: not-affected
jaunty_cupsys: DNE
karmic_cupsys: DNE
lucid_cupsys: DNE
maverick_cupsys: DNE
natty_cupsys: DNE
devel_cupsys: DNE