Executive Summary
| Summary | |
|---|---|
| Title | iTALC vulnerability |
| Informations | |||
|---|---|---|---|
| Name | USN-1061-1 | First vendor Publication | 2011-02-11 |
| Vendor | Ubuntu | Last vendor Modification | 2011-02-11 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Edubuntu releases: Edubuntu 9.10 Edubuntu 10.04 LTS Edubuntu 10.10 This advisory does not apply to the corresponding versions of Ubuntu, Kubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Edubuntu 9.10: Edubuntu 10.04 LTS: Edubuntu 10.10: After a standard system update, if you had originally installed from the Edubuntu Live DVD and the bad keys were found, you will need to redistribute the newly generated public keys to your iTALC clients and restart each session. For more details, see: https://wiki.ubuntu.com/iTalc/Keys Details follow: Stéphane Graber discovered that the iTALC private keys shipped with the Edubuntu Live DVD were not correctly regenerated once Edubuntu was installed. If an iTALC client was installed with the vulnerable keys, a remote attacker could gain control of the system. Only systems using keys from the Edubuntu Live DVD were affected. |
Original Source
| Url : http://www.ubuntu.com/usn/USN-1061-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-310 | Cryptographic Issues |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:21293 | |||
| Oval ID: | oval:org.mitre.oval:def:21293 | ||
| Title: | USN-1061-1 -- italc vulnerability | ||
| Description: | Stphane Graber discovered that the iTALC private keys shipped with the Edubuntu Live DVD were not correctly regenerated once Edubuntu was installed. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1061-1 CVE-2011-0724 | Version: | 5 |
| Platform(s): | Ubuntu 9.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | italc |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Hardware | 1 | |
| Os | 3 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 73303 | Edubuntu Live DVD iTALC Private Keys Regeneration Remote Privilege Escalation |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-03-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1061-1.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:58:17 |
|
