Executive Summary

This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary
Name CVE-2010-0834 First vendor Publication 2010-08-10
Vendor Cve Last vendor Modification 2010-08-10

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0834

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-287 Improper Authentication

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13230
Oval ID: oval:org.mitre.oval:def:13230
Title: USN-968-1 -- base-files vulnerability
Description: It was discovered that the Ubuntu image shipped on some Dell Latitude 2110 systems was accidentally configured to allow unauthenticated package installations. A remote attacker intercepting network communications or a malicious archive mirror server could exploit this to trick the user into installing unsigned packages, resulting in arbitrary code execution with root privileges.
Family: unix Class: patch
Reference(s): USN-968-1
Version: 7
Platform(s): Ubuntu 9.10
Ubuntu 10.04
Product(s): base-files
Definition Synopsis:

CPE : Common Platform Enumeration

Hardware 1
Os 2

OpenVAS Exploits

Date Description
2010-08-06 Name : Ubuntu Update for base-files vulnerability USN-968-1
File : nvt/gb_ubuntu_USN_968_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
66963 Ubuntu base-files on Dell Latitude 2110 Unauthenticated Package Installation

Nessus® Vulnerability Scanner

Date Description
2010-08-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-968-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/42280
UBUNTU http://www.ubuntu.com/usn/usn-968-1
VUPEN http://www.vupen.com/english/advisories/2010/2015

Alert History

If you want to see full details history, please login or register.
Date Informations
2019-05-10 12:03:12
  • Multiple Updates
2016-06-28 18:04:23
  • Multiple Updates
2016-04-26 19:37:51
  • Multiple Updates
2014-02-17 10:54:13
  • Multiple Updates
2013-05-10 23:19:39
  • Multiple Updates