ID CVE-2011-4408
Summary The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack.
References
Vulnerable Configurations
  • Canonical Ubuntu Linux 11.04
    cpe:2.3:o:canonical:ubuntu_linux:11.04
  • Canonical Ubuntu Linux 11.10
    cpe:2.3:o:canonical:ubuntu_linux:11.10
CVSS
Base: 6.8 (as of 18-06-2012 - 10:53)
Impact:
Exploitability:
Access
  Vector NETWORK
  Complexity MEDIUM
  Authentication NONE
Impact
  Confidentiality PARTIAL
  Integrity PARTIAL
  Availability PARTIAL
nessus via4
NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-1464-1.NASL
description It was discovered that the Ubuntu Single Sign On Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2019-02-21
modified 2018-12-01
plugin id 59395
published 2012-06-07
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=59395
title Ubuntu 11.04 / 11.10 : ubuntu-sso-client vulnerability (USN-1464-1)
refmap via4
bid 53829
osvdb 82747
secunia 49448
ubuntu USN-1464-1
xf ubuntussoclient-ssl-info-disc(76112)
Last major update 18-06-2012 - 10:53
Published 15-06-2012 - 20:55
Last modified 28-08-2017 - 21:30