SSL Server Certificate Validation Issue in libobby by Red Hat
CVE-2011-4092

Currently unrated

Key Information:

Vendor: Ubuntu Developers
Status: Obby
Vendor: CVE Published:; 10 February 2014

🔔 Create Ubuntu Developers Vulnerability Alert

What is CVE-2011-4092?

libobby, a library maintained by Red Hat, fails to verify SSL server certificates, allowing remote attackers to impersonate legitimate servers. This vulnerability poses a significant risk as it permits unauthorized access to sensitive information through the execution of man-in-the-middle attacks. Without proper SSL validation, malicious actors can exploit this flaw to spoof servers, leading to potential data breaches and compromise of user data.

References

https://bugzilla.redhat.com/show_bug.cgi?id=750636

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2011/10/30/5

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2011/10/31/1

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2014
Vulnerability Reserved
Oct 18, 2011