Lucene search
CanonicalCVE-2011-4408HistoryJun 16, 2012 - 12:55 a.m.
CVE-2011-4408
2012-06-1600:55:05
canonical
web.nvd.nist.gov
32
cve-2011-4408
single sign on client
ubuntu-sso-client
ubuntu 11.04
ubuntu 11.10
ssl certificates
https
remote attackers
mitm attack.
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0.006
Percentile
78.5%
The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack.
Affected configurations
Node
canonicalubuntu_linuxMatch11.04
ORcanonicalubuntu_linuxMatch11.10
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | 11.04 | cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 11.10 | cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* |
Related
openvas
openvas
Ubuntu: Security Advisory (USN-1464-1)
2012-06-08 00:00:00
Ubuntu Update for ubuntu-sso-client USN-1464-1
2012-06-08 00:00:00
ubuntucve
ubuntucve
CVE-2011-4408
2012-06-06 00:00:00
prion
prion
Code injection
2012-06-16 00:55:00
ubuntu
ubuntu
Ubuntu Single Sign On Client vulnerability
2012-06-06 00:00:00
nessus
nessus
Ubuntu 11.04 / 11.10 : ubuntu-sso-client vulnerability (USN-1464-1)
2012-06-07 00:00:00
cvelist
cvelist
CVE-2011-4408
2012-06-16 00:00:00
nvd
nvd
CVE-2011-4408
2012-06-16 00:55:05
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0.006
Percentile
78.5%
Related for CVE-2011-4408