9.3

CVE-2010-0834

EPSS 0.51%
Veröffentlicht 10.08.2010 12:23:05
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle security@ubuntu.com
Teams Watchlist Login
Unerledigt Login

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ubuntu ≫ Ubuntu Linux Version9.10

Dell ≫ Latitude 2110 Netbook

Ubuntu ≫ Ubuntu Linux Version10.04 Update- Editionlts

Dell ≫ Latitude 2110 Netbook

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.51%	0.635

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/40889

Vendor Advisory

http://www.securityfocus.com/bid/42280

Patch

http://www.ubuntu.com/usn/usn-968-1

http://www.vupen.com/english/advisories/2010/2015

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2010-0834

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0834

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0834

EUVD