Bug 758374 - (CVE-2011-4405) CVE-2011-4405 system-config-printer: possible MITM due to use of insecure connections
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20111116,repor...
: Security
Depends On: 758385
Blocks: 758381
Reported: 2011-11-29 12:25 EST by Vincent Danen
Modified: 2011-11-30 12:45 EST

Doc Type: Bug Fix
Last Closed: 2011-11-30 12:45:25 EST
Attachments
patch from Debian to correct the issue (2.86 KB, patch)
2011-11-29 12:34 EST, Vincent Danen
Description Vincent Danen 2011-11-29 12:25:04 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-4405 to
the following vulnerability:

Name: CVE-2011-4405
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4405
Assigned: 20111107
Reference: http://www.ubuntu.com/usn/USN-1265-1
Reference: http://www.securityfocus.com/bid/50721
Reference: http://osvdb.org/77214
Reference: http://secunia.com/advisories/46909
Reference: XF:systemconfigprinter-packages-mitm(71394)
Reference: http://xforce.iss.net/xforce/xfdb/71394

The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and
11.10, as used by the automatic printer driver download service, use
an "insecure connection" for queries to the OpenPrinting database,
which allows remote attackers to execute arbitrary code via a
man-in-the-middle (MITM) attack that modifies packages or
repositories.


A patch [1] is available to correct this flaw, and the affected openprinting.py script is found in both Red Hat Enterprise Linux 6 and Fedora.  The original bug [2] is still private.

[1] http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/system-config-printer/oneiric-security/revision/209/debian/patches/74_CVE-2011-4405.patch
[2] https://bugs.launchpad.net/ubuntu/+source/system-config-printer/+bug/882553
Comment 1 Vincent Danen 2011-11-29 12:34:10 EST
Created attachment 538144 [details]
patch from Debian to correct the issue

Local copy of the patch to fix the flaw.
Comment 2 Vincent Danen 2011-11-29 12:35:07 EST
Created system-config-printer tracking bugs for this issue

Affects: fedora-all [bug 758385]
Comment 3 Tim Waugh 2011-11-29 12:38:11 EST
Note that nothing we ship in Fedora or Red Hat Enterprise Linux is actually
vulnerable to this.

Ubuntu was vulnerable in two ways as I understand it.

Firstly, Jockey (their automated firmware downloader) uses the openprinting
download functionality, and we do not ship Jockey.

Secondly there is a facility in system-config-printer for installing drivers
from openprinting.org.  However, we ship system-config-printer in such a way
that it does *not* install driver packages from openprinting.org, only PPDs
(with user consent).  This is not user-configurable -- Ubuntu ships with this
changed at source level.
Comment 6 Vincent Danen 2011-11-30 12:45:25 EST
Statement:

Not vulnerable. This issue did not affect the versions of system-config-printer as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not include support for installing driver packages from the OpenPrinting database, only PPDs (with user consent).
