CVE-2010-0834

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
ubuntuubuntu_linux
9.10
ubuntuubuntu_linux
10.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
base-files
bullseye
11.1+deb11u11
fixed
bookworm
12.4+deb12u7
fixed
sid
13.5
fixed
trixie
13.5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
base-files
lucid
Fixed 5.0.0ubuntu20.10.04.2
released
karmic
Fixed 5.0.0ubuntu7.1
released
jaunty
not-affected
hardy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://secunia.com/advisories/40889
http://www.securityfocus.com/bid/42280
http://www.ubuntu.com/usn/usn-968-1
http://www.vupen.com/english/advisories/2010/2015
http://secunia.com/advisories/40889
http://www.securityfocus.com/bid/42280
http://www.ubuntu.com/usn/usn-968-1
http://www.vupen.com/english/advisories/2010/2015