CVE-2011-4408
Published: 6 June 2012
The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack.
Notes
Author | Note |
---|---|
mdeslaur | code is different in precise+, looks ok |
Priority
Status
Package | Release | Status |
---|---|---|
ubuntu-sso-client Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
hardy |
Does not exist
|
|
lucid |
Does not exist
|
|
natty |
Released
(1.2.1-0ubuntu2.1)
|
|
oneiric |
Released
(1.4.1-0ubuntu1.1)
|
|
precise |
Not vulnerable
|