Man-in-the-Middle Vulnerability in Software Properties by Canonical
CVE-2011-4407
Currently unrated
Key Information:
- Vendor: Canonical
- CVE Published: 14 May 2014
What is CVE-2011-4407?
The ppa.py component of Software Properties, prior to version 0.81.13.3, fails to properly validate the server certificate when downloading PPA GPG key fingerprints. This oversight creates a vulnerability that allows attackers to perform man-in-the-middle (MITM) attacks, enabling them to spoof GPG keys associated with package repositories. Consequently, users may inadvertently trust malicious sources, potentially leading to compromised system integrity and security.
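The missing check described above, shown as an added Python example that is not code from Software Properties: a TLS context that skips certificate validation beside one that enforces it, plus a fetch helper that refuses the unverified one. The function names and the assumption that the server returns the fingerprint as a JSON string are illustrative.

```python
import json
import ssl
import string
import urllib.request


def unverified_context() -> ssl.SSLContext:
    """The flawed pattern: TLS without certificate or hostname checks."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # any certificate is accepted
    return ctx


def verified_context() -> ssl.SSLContext:
    """The corrected pattern: system trust store plus hostname matching."""
    return ssl.create_default_context()


def verifies_server(ctx: ssl.SSLContext) -> bool:
    """True only if the context authenticates the peer and its hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def parse_fingerprint(body: str) -> str:
    """Accept only a 40-hex-digit (160-bit) OpenPGP v4 fingerprint."""
    value = json.loads(body)  # assumption: response body is a JSON string
    if not isinstance(value, str):
        raise ValueError("fingerprint must be a JSON string")
    fpr = value.replace(" ", "").upper()
    if len(fpr) != 40 or any(c not in string.hexdigits for c in fpr):
        raise ValueError("not a 40-hex-digit fingerprint")
    return fpr


def fetch_fingerprint(url: str, ctx: ssl.SSLContext) -> str:
    """Download a fingerprint, refusing contexts that skip verification."""
    if not url.startswith("https://"):
        raise ValueError("fingerprint URL must use https")
    if not verifies_server(ctx):
        raise ValueError("TLS context does not validate the server")
    with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
        return parse_fingerprint(resp.read().decode("utf-8"))
```

Because the fingerprint is the only thing binding a repository to its signing key, it has to arrive over an authenticated channel; a well-formed fingerprint received through the unverified context proves nothing about who supplied it.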