Ubuntu Software Center Certificate Handling Security Bypass Vulnerability
BID:50754
Info
Ubuntu Software Center Certificate Handling Security Bypass Vulnerability
| Bugtraq ID: | 50754 |
| Class: | Design Error |
| CVE: |
CVE-2011-3150 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 21 2011 12:00AM |
| Updated: | Nov 21 2011 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 11.04 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.10 |
| Not Vulnerable: | |
Discussion
Ubuntu Software Center Certificate Handling Security Bypass Vulnerability
Ubuntu Software Center is prone to a security-bypass vulnerability.
An attacker may be able to exploit this issue through man-in-the-middle attacks to install an arbitrary malicious package on the affected computer.
Ubuntu 11.10, 11.04 and 10.10 are vulnerable.
Ubuntu Software Center is prone to a security-bypass vulnerability.
An attacker may be able to exploit this issue through man-in-the-middle attacks to install an arbitrary malicious package on the affected computer.
Ubuntu 11.10, 11.04 and 10.10 are vulnerable.
Exploit / POC
Ubuntu Software Center Certificate Handling Security Bypass Vulnerability
An attacker can exploit this issue through man-in-the-middle attacks.
An attacker can exploit this issue through man-in-the-middle attacks.
Solution / Fix
Ubuntu Software Center Certificate Handling Security Bypass Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Ubuntu Software Center Certificate Handling Security Bypass Vulnerability
References:
References:
- Ubuntu Homepage (Ubuntu)