Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2011-0724

Publication date 10 February 2011

Last updated 24 July 2024


Ubuntu priority

The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges.

From the Ubuntu Security Team

Stéphane Graber discovered that the iTALC private keys shipped with the Edubuntu Live media were not correctly regenerated once Edubuntu was installed. If an iTALC client was installed with the vulnerable keys, a remote attacker could gain control of the system.

Status

Package Ubuntu Release Status
italc 10.10 maverick
Fixed 1:1.0.9.1-0ubuntu18.10.10.1
10.04 LTS lucid
Fixed 1:1.0.9.1-0ubuntu18.10.04.1
9.10 karmic
Fixed 1:1.0.9.1-0ubuntu16.1
8.04 LTS hardy
Not affected
6.06 LTS dapper
Not affected

References

Related Ubuntu Security Notices (USN)

Other references