CVE-2010-0834

CWE-287 โ€” Improper Authentication5 documents5 sources
Severity
9.3CRITICAL
EPSS
0.4%
top 40.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ubuntu Ubuntu Linux
Timeline
PublishedAug 10
Latest updateMay 2

Description

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages0 packages

Also affects: Ubuntu Linux 10.04, 9.10

Patches

Patch: www.securityfocus.com โ†—Patch: www.securityfocus.com โ†—

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-mr8q-567w-34vp: The base-files package before 5โ†—2022-05-02
โ–ถ
CVEList
CVE-2010-0834: The base-files package before 5โ†—2010-08-09
โ–ถ

๐Ÿ“‹Vendor Advisories

2
Ubuntu
Dell Latitude 2110 vulnerabilityโ†—2010-08-05
โ–ถ
Debian
CVE-2010-0834: base-files - The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubun...โ†—2010
โ–ถ