Lucene search

[email protected]CVE-2010-0834

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-0834

2022-10-0316:21:13

CWE-287

[email protected]

web.nvd.nist.gov

cve-2010-0834

base-files package

ubuntu

authentication bypass

remote code execution

netbook security

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.

Affected configurations

NVD

Node

ubuntuubuntu_linuxMatch9.10

ubuntuubuntu_linuxMatch10.04-lts

AND

delllatitude_2110_netbook

CPENameOperatorVersion
ubuntu:ubuntu_linuxubuntu ubuntu linuxeq9.10
ubuntu:ubuntu_linuxubuntu ubuntu linuxeq10.04

CPE	Name	Operator	Version
ubuntu:ubuntu_linux	ubuntu ubuntu linux	eq	9.10
ubuntu:ubuntu_linux	ubuntu ubuntu linux	eq	10.04

References

secunia.com/advisories/40889

www.securityfocus.com/bid/42280

www.ubuntu.com/usn/usn-968-1

www.vupen.com/english/advisories/2010/2015

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for CVE-2010-0834

openvas2 debiancve1 cvelist1 ubuntucve1 prion1 nvd1 nessus1 ubuntu1