Authentication Bypass Vulnerability in PackageKit by Red Hat
CVE-2018-1106

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Packagekit
Vendor: CVE Published:; 23 April 2018

🔔 Create Red Hat Vulnerability Alert

What is CVE-2018-1106?

An authentication bypass vulnerability in PackageKit allows local users to install signed packages without requiring administrator privileges. This flaw can be exploited by an attacker to install modified packages, potentially leading to further system compromises. Security measures should be taken to ensure that only authorized personnel can perform such installations.

Affected Version(s)

PackageKit before 1.1.10

References

https://usn.ubuntu.com/3634-1/

vendor-advisoryx_refsource_UBUNTU

https://www.debian.org/security/2018/dsa-4207

vendor-advisoryx_refsource_DEBIAN

http://www.openwall.com/lists/oss-security/2018/04/23/3

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2018
Vulnerability Reserved
Dec 4, 2017

.

CVE-2018-1106 : Authentication Bypass Vulnerability in PackageKit by Red Hat