Launchpad.net

CVE 2011-4408

The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack.

Related bugs and status

CVE-2011-4408 (Candidate) is related to these bugs:

Bug #882055: ubuntu-sso-client doesn't validate ssl certificates

		In	Importance	Status
882055	ubuntu-sso-client doesn't validate ssl certificates	ubuntu-sso-client (Ubuntu)	Medium	Fix Released
882055	ubuntu-sso-client doesn't validate ssl certificates	Ubuntu Single Sign On Client	Undecided	Fix Released
882055	ubuntu-sso-client doesn't validate ssl certificates	Ubuntu One Client	Undecided	Invalid
882055	ubuntu-sso-client doesn't validate ssl certificates	ubuntu-sso-client (Ubuntu Maverick)	Medium	Won't Fix
882055	ubuntu-sso-client doesn't validate ssl certificates	ubuntu-sso-client (Ubuntu Natty)	Medium	Fix Released
882055	ubuntu-sso-client doesn't validate ssl certificates	ubuntu-sso-client (Ubuntu Precise)	Medium	Fix Released
882055	ubuntu-sso-client doesn't validate ssl certificates	ubuntu-sso-client (Ubuntu Oneiric)	Medium	Fix Released
882055	ubuntu-sso-client doesn't validate ssl certificates	Ubuntu Single Sign On Client stable-1-2	High	Fix Released
882055	ubuntu-sso-client doesn't validate ssl certificates	Ubuntu Single Sign On Client stable-1-4	High	Fix Released
882055	ubuntu-sso-client doesn't validate ssl certificates	Ubuntu Single Sign On Client stable-3-0	Undecided	Fix Released
882055	ubuntu-sso-client doesn't validate ssl certificates	Ubuntu Single Sign On Client trunk	Undecided	Fix Released
882055	ubuntu-sso-client doesn't validate ssl certificates	Ubuntu Single Sign On Client stable-4-0	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

UBUNTU: USN-1464-1
BID: 53829
OSVDB: 82747
SECUNIA: 49448
XF: ubuntussoclient-ssl-in...