Launchpad.net

CVE 2010-0834

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.

Related bugs and status

CVE-2010-0834 (Candidate) is related to these bugs:

Bug #610647: Dell Latitude 2110 ships insecure apt configuration

		In	Importance	Status
610647	Dell Latitude 2110 ships insecure apt configuration	base-files (Ubuntu)	High	Fix Released
610647	Dell Latitude 2110 ships insecure apt configuration	base-files (Ubuntu Karmic)	High	Fix Released
610647	Dell Latitude 2110 ships insecure apt configuration	base-files (Ubuntu Lucid)	High	Fix Released
610647	Dell Latitude 2110 ships insecure apt configuration	base-files (Ubuntu Maverick)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

UBUNTU: USN-968-1
BID: 42280
SECUNIA: 40889
VUPEN: ADV-2010-2015