Vulnerability Description
The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | 9.10 |
| Dell | Latitude 2110 Netbook | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/40889Vendor Advisory
- http://www.securityfocus.com/bid/42280Patch
- http://www.ubuntu.com/usn/usn-968-1
- http://www.vupen.com/english/advisories/2010/2015Vendor Advisory
- http://secunia.com/advisories/40889Vendor Advisory
- http://www.securityfocus.com/bid/42280Patch
- http://www.ubuntu.com/usn/usn-968-1
- http://www.vupen.com/english/advisories/2010/2015Vendor Advisory
FAQ
What is CVE-2010-0834?
CVE-2010-0834 is a vulnerability with a CVSS score of 9.3 (HIGH). The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package...
How severe is CVE-2010-0834?
CVE-2010-0834 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0834?
Check the references section above for vendor advisories and patch information. Affected products include: Ubuntu Ubuntu Linux, Dell Latitude 2110 Netbook.