CVE-2010-0834
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.
El paquete base-files anterior a v5.0.0ubuntu7.1 en Ubuntu v9.10 y anterior a v5.0.0ubuntu20.10.04.2 en Ubuntu v10.04 LTS, como los incluidos en portátiles Dell Latitude 2110, no necesitan autenticación para la instalación de paquetes, lo que permite a atacantes con servidores de archivos remotos y "man-in-the-middle" (intermediario) ejecutar código de su elección a través de paquetes manipulados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-03-03 CVE Reserved
- 2010-08-06 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/42280 | 2010-08-10 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/40889 | 2010-08-10 | |
| http://www.ubuntu.com/usn/usn-968-1 | 2010-08-10 | |
| http://www.vupen.com/english/advisories/2010/2015 | 2010-08-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ubuntu Search vendor "Ubuntu" | Ubuntu Linux Search vendor "Ubuntu" for product "Ubuntu Linux" | 9.10 Search vendor "Ubuntu" for product "Ubuntu Linux" and version "9.10" | - |
Affected
| in | Dell Search vendor "Dell" | Latitude 2110 Netbook Search vendor "Dell" for product "Latitude 2110 Netbook" | * | - |
Safe
|
| Ubuntu Search vendor "Ubuntu" | Ubuntu Linux Search vendor "Ubuntu" for product "Ubuntu Linux" | 10.04 Search vendor "Ubuntu" for product "Ubuntu Linux" and version "10.04" | lts |
Affected
| in | Dell Search vendor "Dell" | Latitude 2110 Netbook Search vendor "Dell" for product "Latitude 2110 Netbook" | * | - |
Safe
|