PT-2010-2558 · Canonical · Base-Files

Published

2010-08-09

Updated

2010-08-10

CVE-2010-0834

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions base-files versions prior to 5.0.0ubuntu7.1 on Ubuntu 9.10 base-files versions prior to 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS

Description The issue allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package, as the base-files package does not require authentication for package installation.

Recommendations For base-files versions prior to 5.0.0ubuntu7.1 on Ubuntu 9.10, update to version 5.0.0ubuntu7.1 or later. For base-files versions prior to 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, update to version 5.0.0ubuntu20.10.04.2 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2010-0834

Affected Products

Base-Files

PT-2010-2558 · Canonical · Base-Files

CVE-2010-0834

Weakness Enumeration

Related Identifiers

Affected Products

References · 5