GNOME Online Accounts CVE-2013-1799 SSL Certificate Validation Security Bypass Vulnerability

Bugtraq ID:	58787
Class:	Design Error
CVE:	CVE-2013-1799
Remote:	Yes
Local:	No
Published:	Mar 04 2013 12:00AM
Updated:	Apr 16 2013 07:09PM
Credit:	Simon McVittie
Vulnerable:	Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64
Not Vulnerable:

GNOME Online Accounts CVE-2013-1799 SSL Certificate Validation Security Bypass Vulnerability

GNOME Online Accounts is prone to a security-bypass vulnerability.

Attackers can exploit this issue to perform man-in-the-middle attacks and gain access to sensitive information, which will aid in further attacks.

GNOME Online Accounts versions prior to 3.6.3 and 3.7.91 are vulnerable.

GNOME Online Accounts CVE-2013-1799 SSL Certificate Validation Security Bypass Vulnerability

An attacker can use readily available network utilities to exploit this issue.

GNOME Online Accounts CVE-2013-1799 SSL Certificate Validation Security Bypass Vulnerability

Solution:
Vendor updates are available. Please see the references for more information.

GNOME Online Accounts CVE-2013-1799 SSL Certificate Validation Security Bypass Vulnerability

References: