CVE-2010-0834

NONE
Published Aug 10, 201015y ago · Modified Jun 16, 20262w ago
Find Similar
Published Aug 10, 2010 15y ago
Last Modified Jun 16, 2026 2w ago

Description

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-287 Improper Authentication Authentication

Affected Products 3

VendorProductVersionRange
ubuntuubuntu_linux9.10any
ubuntuubuntu_linux10.04any
delllatitude_2110_netbook*any

References 4

  • secunia.com http://secunia.com/advisories/40889
    Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/42280
    Patch
  • ubuntu.com http://www.ubuntu.com/usn/usn-968-1
  • vupen.com http://www.vupen.com/english/advisories/2010/2015
    Vendor Advisory

Remediation