CVE-2011-4409 in Ubuntu

CVE-2011-4409

Priority

Medium

Description

The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS
does not properly validate SSL certificates, which allows remote attackers
to spoof a server and modify or read sensitive information via a
man-in-the-middle (MITM) attack.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4409
http://www.ubuntu.com/usn/usn-1465-2
http://www.ubuntu.com/usn/usn-1465-1
http://www.ubuntu.com/usn/usn-1465-3

Bugs

https://bugs.launchpad.net/ubuntu/+source/ubuntuone-client/+bug/882062

Assigned-to

mdeslaur

Package

Source: ubuntuone-client (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	released (1.2.2-0ubuntu2.2)
Ubuntu 11.04 (Natty Narwhal):	released (1.6.2-0ubuntu2.1)
Ubuntu 11.10 (Oneiric Ocelot):	released (2.0.1-0ubuntu1.1)
Ubuntu 12.04 LTS (Precise Pangolin):	released (3.0.0-0ubuntu1.1)
Ubuntu 12.10 (Quantal Quetzal):	not-affected (3.99.0-0ubuntu1)

Package

Source: ubuntuone-storage-protocol (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	released (1.2.0-0ubuntu1.1)
Ubuntu 11.04 (Natty Narwhal):	released (1.6.1-0ubuntu1.2)
Ubuntu 11.10 (Oneiric Ocelot):	released (2.0.1-0ubuntu1.1)
Ubuntu 12.04 LTS (Precise Pangolin):	released (3.0.0-0ubuntu1.1)
Ubuntu 12.10 (Quantal Quetzal):	released (3.99.0-0ubuntu1)

More Information

Updated: 2012-09-04 14:14:24 UTC (commit 5702)