UbuntuUSN-1547-1libGData, evolution-data-server vulnerability
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
6 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.5%
Releases
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04
Packages
- evolution-data-server - Evolution suite data server
- libgdata - Library to access GData services
Details
Vreixo Formoso discovered that the libGData library, as used
by Evolution and other applications, did not properly verify SSL
certificates. A remote attacker could exploit this to perform a man
in the middle attack to view sensitive information or alter data
transmitted via the GData protocol.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 11.10 | noarch | libgdata13 | < 0.9.1-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 11.10 | noarch | gir1.2-gdata-0.0 | < 0.9.1-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 11.10 | noarch | libgdata-dev | < 0.9.1-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 11.04 | noarch | libgdata11 | < 0.8.0-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 11.04 | noarch | gir1.2-gdata-0.0 | < 0.8.0-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 11.04 | noarch | libgdata-dev | < 0.8.0-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 10.04 | noarch | libgdata1.2-1 | < 2.28.3.1-0ubuntu6.1 | UNKNOWN |
| Ubuntu | 10.04 | noarch | evolution-data-server | < 2.28.3.1-0ubuntu6.1 | UNKNOWN |
| Ubuntu | 10.04 | noarch | evolution-data-server-dbg | < 2.28.3.1-0ubuntu6.1 | UNKNOWN |
| Ubuntu | 10.04 | noarch | evolution-data-server-dev | < 2.28.3.1-0ubuntu6.1 | UNKNOWN |
References
Related
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
6 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.5%