CVE-2010-0834
NONE
Published Aug 10, 201015y ago · Modified Jun 16, 20262w ago
Published Aug 10, 2010 15y ago
Last Modified Jun 16, 2026 2w ago
Description
The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-287 Improper Authentication Authentication
Affected Products 3
References 4
- secunia.com http://secunia.com/advisories/40889
- securityfocus.com http://www.securityfocus.com/bid/42280
- ubuntu.com http://www.ubuntu.com/usn/usn-968-1
- vupen.com http://www.vupen.com/english/advisories/2010/2015
Remediation
- securityfocus.com http://www.securityfocus.com/bid/42280