CVE-2011-4407

Software Properties <0.81.13.3 - MITM

Title source: llm
STIX 2.1

Description

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1352-1

Scores

EPSS 0.0063
EPSS Percentile 46.1%

Details

CWE
CWE-20
Status published
Products (5)
canonical/software-properties < 0.81.13.1
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 10.10
canonical/ubuntu_linux 11.04
canonical/ubuntu_linux 11.10
Published May 14, 2014
Tracked Since Feb 18, 2026