SB2012082613 - MitM attack in GNOME libgdata
Published: August 26, 2012 Updated: September 5, 2022
Security Bulletin ID
SB2012082613
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Certificate Validation (CVE-ID: CVE-2012-1177)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to missing certificate validation. A remote attacker can perform Man-in-the-Middle (MitM) attack.Remediation
Install update from vendor's website.
References
- http://git.gnome.org/browse/libgdata/commit/?h=libgdata-0-10&id=8eff8fa9138859e03e58c2aa76600ab63eb5c29c
- http://git.gnome.org/browse/libgdata/commit/?id=6799f2c525a584dc998821a6ce897e463dad7840
- http://secunia.com/advisories/50432
- http://www.debian.org/security/2012/dsa-2482
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:111
- http://www.openwall.com/lists/oss-security/2012/03/14/1
- http://www.openwall.com/lists/oss-security/2012/03/14/3
- http://www.openwall.com/lists/oss-security/2012/03/14/8
- http://www.ubuntu.com/usn/USN-1547-1
- https://bugs.launchpad.net/ubuntu/+source/libgdata/+bug/938812
- https://bugzilla.gnome.org/show_bug.cgi?id=671535
- https://bugzilla.novell.com/show_bug.cgi?id=752088