Man-in-the-Middle Vulnerability in Software Properties by Canonical
CVE-2011-4407

Currently unrated

Key Information:

Vendor: Canonical
CVE Published: 14 May 2014

Summary

The ppa.py component of Software Properties, prior to version 0.81.13.3, fails to properly validate the server certificate when downloading PPA GPG key fingerprints. This oversight creates a vulnerability that allows attackers to perform man-in-the-middle (MITM) attacks, enabling them to spoof GPG keys associated with package repositories. Consequently, users may inadvertently trust malicious sources, potentially leading to compromised system integrity and security.
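A sketch of the corrected behaviour, added here as an illustration and not taken from Software Properties: the fingerprint is fetched only over a TLS context that checks both the certificate chain and the host name, and the reply is checked for shape before use. The Launchpad API URL layout, the `signing_key_fingerprint` field name and all function names are assumptions of this example.

```python
import json
import re
import ssl
import urllib.request

# Assumed Launchpad API layout and field name; neither is stated on this page.
LP_API = "https://launchpad.net/api/1.0/~%s/+archive/%s"
FINGERPRINT_RE = re.compile(r"^[0-9A-F]{40}$")


def verified_context():
    """Return a TLS context that validates the chain and the host name."""
    ctx = ssl.create_default_context()
    # The default context already enables both checks; fail closed if a
    # later change (or a patched default) has turned either of them off.
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise RuntimeError("TLS certificate verification is disabled")
    return ctx


def parse_fingerprint(body):
    """Extract the key fingerprint from the JSON reply and check its shape."""
    info = json.loads(body)
    if not isinstance(info, dict):
        raise ValueError("unexpected reply structure")
    fp = str(info.get("signing_key_fingerprint", "")).replace(" ", "").upper()
    if not FINGERPRINT_RE.match(fp):
        raise ValueError("unexpected fingerprint format")
    return fp


def fetch_ppa_fingerprint(owner, ppa, timeout=10):
    """Fetch a PPA's signing-key fingerprint over verified HTTPS only."""
    url = LP_API % (owner, ppa)
    # A certificate or host-name mismatch makes urlopen raise URLError.
    # Let it propagate: retrying without verification recreates the flaw.
    with urllib.request.urlopen(url, context=verified_context(),
                                timeout=timeout) as resp:
        return parse_fingerprint(resp.read().decode("utf-8"))
```
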
