9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.006 Low
EPSS
Percentile
77.9%
The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before
5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110
netbooks, does not require authentication for package installation, which
allows remote archive servers and man-in-the-middle attackers to execute
arbitrary code via a crafted package.
Author | Note |
---|---|
kees | this was fixed via base-files, but was a vulnerabilities in the pre-installed image of the Dell Latitude 2110. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 9.10 | noarch | base-files | < 5.0.0ubuntu7.1 | UNKNOWN |
ubuntu | 10.04 | noarch | base-files | < 5.0.0ubuntu20.10.04.2 | UNKNOWN |