Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4407


Vulnerability Score 4.3 4.3
CVE Id CVE-2011-4407
Last Modified 14 May 2014 01:57:52
Published 13 May 2014 08:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE


Summary in Software Properties before does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 10.10

  • Canonical Ubuntu Linux 11.04

  • Canonical Ubuntu Linux 11.10


  • Canonical Software-properties



UBUNTU - USN-1352-1

Last Updated: 27 May 2016 11:05:12