CVE-2010-0834
Summary
| CVE | CVE-2010-0834 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-08-10 12:23:00 UTC |
| Updated | 2010-08-10 12:23:00 UTC |
| Description | The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Dell | Latitude 2110 Netbook | All | All | All | All |
| Hardware | Dell | Latitude 2110 Netbook | All | All | All | All |
| Operating System | Ubuntu | Ubuntu Linux | 10.04 | - | lts | All |
| Operating System | Ubuntu | Ubuntu Linux | 9.10 | All | All | All |
| Operating System | Ubuntu | Ubuntu Linux | 10.04 | - | lts | All |
| Operating System | Ubuntu | Ubuntu Linux | 9.10 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| USN-968-1: Dell Latitude 2110 vulnerability | Ubuntu | UBUNTU | www.ubuntu.com | |
| Malformed Request | BID | www.securityfocus.com | Patch |
| Security Advisory SA40889 - Ubuntu base-files Dell Latitude 2110 Unauthenticated Package Installation - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Webmail - OVH | VUPEN | www.vupen.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.