Unrated severityNVD Advisory· Published May 14, 2014· Updated Jun 16, 2026
CVE-2011-4407
CVE-2011-4407
Description
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- cpe:2.3:a:canonical:software-properties:*:*:*:*:*:*:*:*Range: <=0.81.13.1
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- Range: <0.81.13.3
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.