Packagekit
CVE-2013-1764
LOW
Severity by source
AV:L/AC:L/Au:N/C:N/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:L/Au:N/C:N/I:P/A:N
Lifecycle Timeline
1DescriptionCVE.org
The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.
AnalysisAI
The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-264. The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method. Affected products include: Packagekit Project Packagekit. Version information: before 0.8.8.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Packagekit
View allLocal privilege escalation in PackageKit 1.0.2-1.3.4 allows unprivileged Linux users to install arbitrary RPM packages a
PackageKit's apt backend mistakenly treated all local debs as trusted. Rated high severity (CVSS 7.8), this vulnerabilit
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mim
Improper authorization in PackageKit up to 1.3.5 allows a low-privileged authenticated remote attacker to bypass access
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privile
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. Rated
A use-after-free flaw was found in PackageKitd. Rated low severity (CVSS 3.3), this vulnerability is low attack complexi
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today