Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2011-3634
Last Modified 03 Mar 2014 10:41:05
Published 28 Feb 2014 07:55:04
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-3634

Summary

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 10.10

  • Canonical Ubuntu Linux 11.04

  • Canonical Ubuntu Linux 8.04

Application

  • Debian Apt 0.8.0

  • Debian Apt 0.8.1

  • Debian Apt 0.8.10

  • Debian Apt 0.8.10.1

  • Debian Apt 0.8.10.2

  • Debian Apt 0.8.10.3


References

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353

CONFIRM - https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt/apt.git;a=blob;f=debian/changelog;hb=HEAD

UBUNTU - USN-1283-1

CONFIRM - http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3634.html


Last Updated: 27 May 2016 10:56:46