CVE-2010-3905

Published: 16 December 2010

The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.

Priority

Status

Package	Release	Status
eucalyptus Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Does not exist
	karmic	Not vulnerable
	lucid	Not vulnerable
	maverick	Released (2.0+bzr1241-0ubuntu4.1)
	upstream	Pending (2.0.2)

References

https://ubuntu.com/security/notices/USN-1033-1
https://www.cve.org/CVERecord?id=CVE-2010-3905
NVD
Launchpad
Debian

Bugs

https://launchpad.net/bugs/675372

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›