Vulnerability Description
The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS does not properly validate SSL certificates, which allows remote attackers to spoof a server and modify or read sensitive information via a man-in-the-middle (MITM) attack.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 10.04 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/49442 (Vendor Advisory)
- http://ubuntu.com/usn/usn-1465-1 (Vendor Advisory)
- http://ubuntu.com/usn/usn-1465-2 (Vendor Advisory)
- http://ubuntu.com/usn/usn-1465-3
- http://www.osvdb.org/82748
- http://www.securityfocus.com/bid/53828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76113
FAQ
What is CVE-2011-4409?
CVE-2011-4409 is a vulnerability with a CVSS score of 7.5 (HIGH). The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS does not properly validate SSL certificates, which allows remote attackers to spoof a server and modify or read sensitive inform...
How severe is CVE-2011-4409?
CVE-2011-4409 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-4409?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux.