CVE-2010-2432

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.

References

http://cups.org/articles.php?L596

http://cups.org/str.php?L3518

http://secunia.com/advisories/43521

http://security.gentoo.org/glsa/glsa-201207-10.xml

http://www.debian.org/security/2011/dsa-2176

http://www.mandriva.com/security/advisories?name=MDVSA-2011:146

http://www.vupen.com/english/advisories/2011/0535

Details

Source: MITRE

Published: 2010-06-22

Updated: 2013-05-15

Type: CWE-399

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:* versions up to 1.4.3 (inclusive)

Tenable Plugins

View all (6 total)

IDNameProductFamilySeverity
59902GLSA-201207-10 : CUPS: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
57094SuSE 11.1 Security Update : CUPS (SAT Patch Number 5180)NessusSuSE Local Security Checks
medium
56447Mandriva Linux Security Advisory : cups (MDVSA-2011:146)NessusMandriva Local Security Checks
medium
52484Debian DSA-2176-1 : cups - several vulnerabilitiesNessusDebian Local Security Checks
high
47683CUPS < 1.4.4 Multiple VulnerabilitiesNessusMisc.
high
5574CUPS < 1.4.4 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium