NuytsTech Security

CVE-2010-2432

by ·

The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.

Date published : 2010-06-22

http://cups.org/articles.php?L596

http://cups.org/str.php?L3518

Tags: