Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0240

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-0240
Last Modified 02 Apr 2013 12:00:00
Published 01 Apr 2013 11:22:21
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-0240

Summary

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 11.10

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 12.10

Application

  • Gnome Online Accounts 3.4.0

  • Gnome Online Accounts 3.4.1

  • Gnome Online Accounts 3.6.0

  • Gnome Online Accounts 3.6.1

  • Gnome Online Accounts 3.6.2

  • Gnome Online Accounts 3.7.1

  • Gnome Online Accounts 3.7.2

  • Gnome Online Accounts 3.7.3

  • Gnome Online Accounts 3.7.4


References

MLIST - [gnome-announce-list] 20130304 GNOME Online Accounts 3.6.3 released

CONFIRM - https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e

CONFIRM - https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f

CONFIRM - https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=894352

CONFIRM - https://bugzilla.gnome.org/show_bug.cgi?id=693214

UBUNTU - USN-1779-1

SECUNIA - 52791

SECUNIA - 51976

SUSE - openSUSE-SU-2013:0301


Last Updated: 27 May 2016 11:02:08