CVE 2011-4409
The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS does not properly validate SSL certificates, which allows remote attackers to spoof a server and modify or read sensitive information via a man-in-the-middle (MITM) attack.
Related bugs and status
CVE-2011-4409 (Candidate) is related to these bugs:
Bug #882062: ubuntuone-client doesn't validate ssl certificates
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
882062 | ubuntuone-client doesn't validate ssl certificates | ubuntuone-client (Ubuntu) | Medium | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | Ubuntu One Client | High | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | ubuntuone-client (Ubuntu Lucid) | Medium | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | ubuntuone-client (Ubuntu Maverick) | Medium | Won't Fix | ||
882062 | ubuntuone-client doesn't validate ssl certificates | ubuntuone-client (Ubuntu Precise) | Medium | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | ubuntuone-client (Ubuntu Oneiric) | Medium | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | ubuntuone-client (Ubuntu Natty) | Medium | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | Ubuntu One storage protocol | Undecided | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | ubuntuone-storage-protocol (Ubuntu) | Undecided | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | ubuntuone-storage-protocol (Ubuntu Lucid) | Undecided | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | ubuntuone-storage-protocol (Ubuntu Maverick) | Undecided | Won't Fix | ||
882062 | ubuntuone-client doesn't validate ssl certificates | ubuntuone-storage-protocol (Ubuntu Natty) | Undecided | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | ubuntuone-storage-protocol (Ubuntu Oneiric) | Undecided | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | ubuntuone-storage-protocol (Ubuntu Precise) | Undecided | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | ubuntuone-client (Ubuntu Quantal) | Medium | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | ubuntuone-storage-protocol (Ubuntu Quantal) | Undecided | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | Ubuntu One storage protocol stable-4-0 | High | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | Ubuntu One storage protocol trunk | Undecided | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | Ubuntu One storage protocol stable-2-0 | Undecided | Won't Fix | ||
882062 | ubuntuone-client doesn't validate ssl certificates | Ubuntu One storage protocol stable-3-0 | High | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | Ubuntu One storage protocol stable-1-2 | Undecided | Won't Fix | ||
882062 | ubuntuone-client doesn't validate ssl certificates | Ubuntu One storage protocol stable-1-6 | Undecided | Won't Fix | ||
882062 | ubuntuone-client doesn't validate ssl certificates | Ubuntu One Client stable-3-0 | Undecided | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | Ubuntu One Client stable-4-0 | Undecided | Fix Released | ||
882062 | ubuntuone-client doesn't validate ssl certificates | Ubuntu One Client trunk | High | Fix Released |
Bug #988362: Doesn't support protobuf python cpp extension
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
988362 | Doesn't support protobuf python cpp extension | Ubuntu One storage protocol | Medium | Fix Released | ||
988362 | Doesn't support protobuf python cpp extension | Ubuntu One storage protocol stable-4-0 | Medium | Fix Released | ||
988362 | Doesn't support protobuf python cpp extension | Ubuntu One storage protocol trunk | Medium | Fix Released | ||
988362 | Doesn't support protobuf python cpp extension | ubuntuone-storage-protocol (Ubuntu) | Undecided | Fix Released | ||
988362 | Doesn't support protobuf python cpp extension | ubuntuone-storage-protocol (Ubuntu Quantal) | Undecided | Fix Released |
Bug #1009573: package python-ubuntuone-client 1.2.2-0ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1009573 | package python-ubuntuone-client 1.2.2-0ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 | ubuntuone-client (Ubuntu) | High | Fix Released |
Bug #1011666: Tests failing when ubuntuone-storage-protocol not already installed
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1011666 | Tests failing when ubuntuone-storage-protocol not already installed | Ubuntu One storage protocol | High | Fix Released | ||
1011666 | Tests failing when ubuntuone-storage-protocol not already installed | Ubuntu One storage protocol stable-4-0 | High | Fix Released | ||
1011666 | Tests failing when ubuntuone-storage-protocol not already installed | Ubuntu One storage protocol trunk | High | Fix Released | ||
1011666 | Tests failing when ubuntuone-storage-protocol not already installed | ubuntuone-storage-protocol (Ubuntu) | Undecided | Fix Released | ||
1011666 | Tests failing when ubuntuone-storage-protocol not already installed | ubuntuone-storage-protocol (Ubuntu Quantal) | Undecided | Fix Released | ||
1011666 | Tests failing when ubuntuone-storage-protocol not already installed | Ubuntu One storage protocol stable-3-0 | Undecided | Fix Released | ||
1011666 | Tests failing when ubuntuone-storage-protocol not already installed | ubuntuone-storage-protocol (Ubuntu Precise) | Undecided | Fix Released |
Bug #1081144: [lucid] ubuntuone-preferences: SSL hostname validation failed
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1081144 | [lucid] ubuntuone-preferences: SSL hostname validation failed | Ubuntu One Client | Undecided | Won't Fix | ||
1081144 | [lucid] ubuntuone-preferences: SSL hostname validation failed | ubuntuone-client (Ubuntu) | Medium | Won't Fix |
See the
CVE page on Mitre.org
for more details.