Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4407

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-4407
Last Modified 14 May 2014 01:57:52
Published 13 May 2014 08:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4407

Summary

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 10.10

  • Canonical Ubuntu Linux 11.04

  • Canonical Ubuntu Linux 11.10

Application

  • Canonical Software-properties 0.81.13.1


References

CONFIRM - https://bugs.launchpad.net/ubuntu/%2Bsource/software-properties/%2Bbug/915210

UBUNTU - USN-1352-1


Last Updated: 27 May 2016 11:05:12