PT-2012-1879 · Canonical · Ubuntu One Client

Published

2012-06-16

Updated

2017-08-29

CVE-2011-4409

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Ubuntu One Client versions 10.04 LTS through 12.04 LTS

Description The issue allows remote attackers to spoof a server and modify or read sensitive information via a man-in-the-middle (MITM) attack due to improper validation of SSL certificates.

Recommendations For Ubuntu One Client versions 10.04 LTS through 12.04 LTS, consider disabling SSL connections until a patch is available, and restrict access to sensitive information to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2011-4409

Affected Products

Ubuntu One Client

PT-2012-1879 · Canonical · Ubuntu One Client

CVE-2011-4409

Weakness Enumeration

Related Identifiers

Affected Products

References · 8