Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2011-4408

Published: 6 June 2012

The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack.

Notes

AuthorNote
mdeslaur
code is different in precise+, looks ok

Priority

Medium

Status

Package Release Status
ubuntu-sso-client
Launchpad, Ubuntu, Debian
upstream Needs triage

hardy Does not exist

lucid Does not exist

natty
Released (1.2.1-0ubuntu2.1)
oneiric
Released (1.4.1-0ubuntu1.1)
precise Not vulnerable