Vulnerability CVE-2010-0834


Published: 2010-08-10   Modified: 2012-02-13

Description:
The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Ubuntu -> Ubuntu linux 

 References:
http://www.securityfocus.com/bid/42280
http://www.vupen.com/english/advisories/2010/2015
http://www.ubuntu.com/usn/usn-968-1
http://secunia.com/advisories/40889

Copyright 2024, cxsecurity.com

 

Back to Top