OSVDB ID: 85540

Title: ubiquity-slideshow-ubuntu Twitter Feed Validation MitM Spoofing Weakness

Info

Disclosure

Apr 27, 2012

Discovery

Unknown

Dates

Exploit

Apr 27, 2012

Solution

Sep 10, 2012

Description

ubiquity-slideshow-ubuntu contains a flaw that is triggered when the application fails to properly validate twitter feeds during system installation. This may allow a remote attacker to spoof a twitter feed via a man-in-the-middle (MitM) attack.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Vendor Verified, Uncoordinated Disclosure
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Ubuntu has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Canonical Ltd.

ubiquity-slideshow-ubuntu

Unspecified

References

CVE ID: 2012-0956 (see also: NVD)
Secunia Advisory ID: 50563
Vendor Specific News/Changelog Entry: http://www.ubuntu.com/usn/usn-1561-1/
Other Advisory URL: https://launchpadlibrarian.net/103635884/ubuntu-12.04-desktop-xssrfa.pdf

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85540