Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-2432

The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.

Published

2010-06-22T20:30:01.790

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-399

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apple	cups	≤ 1.4.3	Yes
Application	apple	cups	1.1	Yes
Application	apple	cups	1.1.1	Yes
Application	apple	cups	1.1.2	Yes
Application	apple	cups	1.1.3	Yes
Application	apple	cups	1.1.4	Yes
Application	apple	cups	1.1.5	Yes
Application	apple	cups	1.1.5-1	Yes
Application	apple	cups	1.1.5-2	Yes
Application	apple	cups	1.1.6	Yes
Application	apple	cups	1.1.6-1	Yes
Application	apple	cups	1.1.6-2	Yes
Application	apple	cups	1.1.6-3	Yes
Application	apple	cups	1.1.7	Yes
Application	apple	cups	1.1.8	Yes
Application	apple	cups	1.1.9	Yes
Application	apple	cups	1.1.9-1	Yes
Application	apple	cups	1.1.10	Yes
Application	apple	cups	1.1.10-1	Yes
Application	apple	cups	1.1.11	Yes
Application	apple	cups	1.1.12	Yes
Application	apple	cups	1.1.13	Yes
Application	apple	cups	1.1.14	Yes
Application	apple	cups	1.1.15	Yes
Application	apple	cups	1.1.16	Yes
Application	apple	cups	1.1.17	Yes
Application	apple	cups	1.1.18	Yes
Application	apple	cups	1.1.19	Yes
Application	apple	cups	1.1.19	Yes
Application	apple	cups	1.1.19	Yes
Application	apple	cups	1.1.19	Yes
Application	apple	cups	1.1.19	Yes
Application	apple	cups	1.1.19	Yes
Application	apple	cups	1.1.20	Yes
Application	apple	cups	1.1.20	Yes
Application	apple	cups	1.1.20	Yes
Application	apple	cups	1.1.20	Yes
Application	apple	cups	1.1.20	Yes
Application	apple	cups	1.1.20	Yes
Application	apple	cups	1.1.20	Yes
Application	apple	cups	1.1.21	Yes
Application	apple	cups	1.1.21	Yes
Application	apple	cups	1.1.21	Yes
Application	apple	cups	1.1.22	Yes
Application	apple	cups	1.1.22	Yes
Application	apple	cups	1.1.22	Yes
Application	apple	cups	1.1.23	Yes
Application	apple	cups	1.1.23	Yes
Application	apple	cups	1.2	Yes
Application	apple	cups	1.2	Yes
Application	apple	cups	1.2	Yes
Application	apple	cups	1.2	Yes
Application	apple	cups	1.2	Yes
Application	apple	cups	1.2.0	Yes
Application	apple	cups	1.2.1	Yes
Application	apple	cups	1.2.2	Yes
Application	apple	cups	1.2.3	Yes
Application	apple	cups	1.2.4	Yes
Application	apple	cups	1.2.5	Yes
Application	apple	cups	1.2.6	Yes
Application	apple	cups	1.2.7	Yes
Application	apple	cups	1.2.8	Yes
Application	apple	cups	1.2.9	Yes
Application	apple	cups	1.2.10	Yes
Application	apple	cups	1.2.11	Yes
Application	apple	cups	1.2.12	Yes
Application	apple	cups	1.3	Yes
Application	apple	cups	1.3	Yes
Application	apple	cups	1.3	Yes
Application	apple	cups	1.3.0	Yes
Application	apple	cups	1.3.1	Yes
Application	apple	cups	1.3.2	Yes
Application	apple	cups	1.3.3	Yes
Application	apple	cups	1.3.4	Yes
Application	apple	cups	1.3.5	Yes
Application	apple	cups	1.3.6	Yes
Application	apple	cups	1.3.7	Yes
Application	apple	cups	1.3.8	Yes
Application	apple	cups	1.3.9	Yes
Application	apple	cups	1.3.10	Yes
Application	apple	cups	1.3.11	Yes
Application	apple	cups	1.4.0	Yes
Application	apple	cups	1.4.1	Yes
Application	apple	cups	1.4.2	Yes

References

http://cups.org/articles.php?L596 Patch, Vendor Advisory ([email protected])
http://cups.org/str.php?L3518 ([email protected])
http://secunia.com/advisories/43521 ([email protected])
http://security.gentoo.org/glsa/glsa-201207-10.xml ([email protected])
http://www.debian.org/security/2011/dsa-2176 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 ([email protected])
http://www.vupen.com/english/advisories/2011/0535 ([email protected])
http://cups.org/articles.php?L596 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://cups.org/str.php?L3518 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43521 (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201207-10.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2011/dsa-2176 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0535 (af854a3a-2127-422b-91ae-364da2661108)