CVE-2013-1764

The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
packagekit_projectpackagekit
𝑥
≤ 0.8.7
packagekit_projectpackagekit
0.8.1
packagekit_projectpackagekit
0.8.2
packagekit_projectpackagekit
0.8.3
packagekit_projectpackagekit
0.8.4
packagekit_projectpackagekit
0.8.5
packagekit_projectpackagekit
0.8.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
packagekit
bullseye
1.2.2-2
fixed
bookworm
1.2.6-5
fixed
sid
1.3.0-1
fixed
trixie
1.3.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
packagekit
quantal
not-affected
precise
not-affected
oneiric
not-affected
lucid
not-affected
hardy
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html
http://www.openwall.com/lists/oss-security/2013/02/25/20
https://bugs.freedesktop.org/show_bug.cgi?id=61231
https://bugzilla.novell.com/show_bug.cgi?id=804983
https://gitorious.org/packagekit/packagekit/commit/d3d14631042237bcfe6fb30a60e59bb6d94af425
https://gitorious.org/packagekit/packagekit/source/NEWS
http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html
http://www.openwall.com/lists/oss-security/2013/02/25/20
https://bugs.freedesktop.org/show_bug.cgi?id=61231
https://bugzilla.novell.com/show_bug.cgi?id=804983
https://gitorious.org/packagekit/packagekit/commit/d3d14631042237bcfe6fb30a60e59bb6d94af425
https://gitorious.org/packagekit/packagekit/source/NEWS