CVE-2010-0834
Published: 5 August 2010
The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.
Notes
Author | Note |
---|---|
kees | this was fixed via base-files, but was a vulnerabilities in the pre-installed image of the Dell Latitude 2110. |
Priority
Status
Package | Release | Status |
---|---|---|
base-files Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
|
dapper |
Not vulnerable
|
|
hardy |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Released
(5.0.0ubuntu7.1)
|
|
lucid |
Released
(5.0.0ubuntu20.10.04.2)
|