CVE-2011-4408

2012-06-0600:00:00

ubuntu.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.006

Percentile

78.5%

JSON

The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10
does not properly validate SSL certificates when using HTTPS, which allows
remote attackers to spoof a server and modify or read sensitive data via a
man-in-the-middle (MITM) attack.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/ubuntu-sso-client/+bug/882055>

Notes

Author	Note
mdeslaur	code is different in precise+, looks ok

OSVersionArchitecturePackageVersionFilename
ubuntu11.04noarchubuntu-sso-client< 1.2.1-0ubuntu2.1UNKNOWN
ubuntu11.10noarchubuntu-sso-client< 1.4.1-0ubuntu1.1UNKNOWN