CVE-2018-1106

Published: 23/04/2018 | Updated: 09/10/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

An authentication bypass flaw has been found in PackageKit prior to 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.

Vulnerable Product

packagekit project packagekit

redhat enterprise linux server 7.0

redhat enterprise linux server aus 7.6

redhat enterprise linux server eus 7.5

redhat enterprise linux server eus 7.6

redhat enterprise linux server tus 7.6

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

canonical ubuntu linux 17.10

debian debian linux 9.0

Vendor Advisories

Synopsis: Moderate: PackageKit security update. Type/Severity: Security Advisory: Moderate. Topic: An update for PackageKit is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base sco ...
Debian Bug report logs - #896703 packagekit: CVE-2018-1106: Installation of Signed Packages without Administrator Authentication. Package: src:packagekit; Maintainer for src:packagekit is Matthias Klumpp <mak@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 23 Apr 2018 19:33:01 UTC; Severit ...
PackageKit could be made to install or run programs as an administrator ...
Authentication bypass allows to install signed packages without administrator privileges. An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system (CVE-2018-1106) ...
An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system ...