Description
The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.
References (4)
Core References
Patch vdb-entry | x_refsource_bid | http://www.securityfocus.com/bid/42280
Vendor Advisory third-party-advisory | x_refsource_secunia | http://secunia.com/advisories/40889
Vendor Advisory vdb-entry | x_refsource_vupen | http://www.vupen.com/english/advisories/2010/2015
Vendor Advisory vendor-advisory | x_refsource_ubuntu | http://www.ubuntu.com/usn/usn-968-1
Scores
EPSS: 0.0272
EPSS Percentile: 84.2%
Details
CWE: CWE-287
Status: published
Products (2)
ubuntu/ubuntu_linux 9.10
ubuntu/ubuntu_linux 10.04
Published: Aug 10, 2010
Tracked Since: Feb 18, 2026