Ubuntu 'ubuntuone-couch' Package SSL Certificate Validation Information Disclosure Vulnerability
BID:52253
Info
Ubuntu 'ubuntuone-couch' Package SSL Certificate Validation Information Disclosure Vulnerability
| Bugtraq ID: | 52253 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 01 2012 12:00AM |
| Updated: | Mar 01 2012 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Ubuntu ubuntuone-couch 0 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 |
| Not Vulnerable: | |
Discussion
Ubuntu 'ubuntuone-couch' Package SSL Certificate Validation Information Disclosure Vulnerability
Ubuntu 'ubuntuone-couch' package is prone to an information disclosure vulnerability.
An attacker can exploit this issue through man-in-the-middle attacks by impersonating a trusted server. This may allow the attacker to obtain or modify sensitive information. Information harvested may aid in further attacks.
Ubuntu 'ubuntuone-couch' package is prone to an information disclosure vulnerability.
An attacker can exploit this issue through man-in-the-middle attacks by impersonating a trusted server. This may allow the attacker to obtain or modify sensitive information. Information harvested may aid in further attacks.
Exploit / POC
Ubuntu 'ubuntuone-couch' Package SSL Certificate Validation Information Disclosure Vulnerability
An attacker can use readily available network utilities to exploit this issue.
An attacker can use readily available network utilities to exploit this issue.
References
Ubuntu 'ubuntuone-couch' Package SSL Certificate Validation Information Disclosure Vulnerability
References:
References:
- ubuntuone-couch doesn't do certificate validation (Ubuntu)
- ubuntuone-couch Homepage (Ubuntu)