CVE-2011-0724
Published: 10 February 2011
The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges.
From the Ubuntu Security Team
Stéphane Graber discovered that the iTALC private keys shipped with the Edubuntu Live media were not correctly regenerated once Edubuntu was installed. If an iTALC client was installed with the vulnerable keys, a remote attacker could gain control of the system.
Priority
Status
Package | Release | Status |
---|---|---|
italc Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(only on Edubuntu live media)
|
dapper |
Not vulnerable
(not installed on live media)
|
|
hardy |
Not vulnerable
(not installed on live media)
|
|
karmic |
Released
(1:1.0.9.1-0ubuntu16.1)
|
|
lucid |
Released
(1:1.0.9.1-0ubuntu18.10.04.1)
|
|
maverick |
Released
(1:1.0.9.1-0ubuntu18.10.10.1)
|