Vulnerability Description
The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 11.04 |
References
- http://osvdb.org/82747
- http://secunia.com/advisories/49448Vendor Advisory
- http://www.securityfocus.com/bid/53829
- http://www.ubuntu.com/usn/USN-1464-1PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76112
- http://osvdb.org/82747
- http://secunia.com/advisories/49448Vendor Advisory
- http://www.securityfocus.com/bid/53829
- http://www.ubuntu.com/usn/USN-1464-1PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76112
FAQ
What is CVE-2011-4408?
CVE-2011-4408 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or rea...
How severe is CVE-2011-4408?
CVE-2011-4408 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4408?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux.