CVE-2013-0240
First published: Fri Jan 11 2013(Updated: )
Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gnome Gnome Online Accounts | =3.4.0 | |
| Gnome Gnome Online Accounts | =3.4.1 | |
| Gnome Gnome Online Accounts | =3.6.0 | |
| Gnome Gnome Online Accounts | =3.6.1 | |
| Gnome Gnome Online Accounts | =3.6.2 | |
| Gnome Gnome Online Accounts | =3.7.1 | |
| Gnome Gnome Online Accounts | =3.7.2 | |
| Gnome Gnome Online Accounts | =3.7.3 | |
| Gnome Gnome Online Accounts | =3.7.4 | |
| Canonical Ubuntu Linux | =11.10 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =12.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=908000
- https://access.redhat.com/security/cve/CVE-2013-1799
- https://access.redhat.com/security/cve/CVE-2013-0240
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0240
- https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=894352
- https://bugzilla.gnome.org/show_bug.cgi?id=693214
- https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1
- https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f
- https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1799
- https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00020.html
- https://bugzilla.gnome.org/show_bug.cgi?id=695106
- https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8
- https://bugzilla.redhat.com/show_bug.cgi?id=894352
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
- http://secunia.com/advisories/51976
- http://secunia.com/advisories/52791
- http://ubuntu.com/usn/usn-1779-1
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-0240
- vendor/gnome
- canonical/gnome gnome online accounts
- version/gnome gnome online accounts/3.4.0
- version/gnome gnome online accounts/3.4.1
- version/gnome gnome online accounts/3.6.0
- version/gnome gnome online accounts/3.6.1
- version/gnome gnome online accounts/3.6.2
- version/gnome gnome online accounts/3.7.1
- version/gnome gnome online accounts/3.7.2
- version/gnome gnome online accounts/3.7.3
- version/gnome gnome online accounts/3.7.4
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/11.10
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/12.10