CVE-2013-1764

EUVD-2013-1790
The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
packagekit_projectpackagekit
𝑥
≤ 0.8.7
packagekit_projectpackagekit
0.8.1
packagekit_projectpackagekit
0.8.2
packagekit_projectpackagekit
0.8.3
packagekit_projectpackagekit
0.8.4
packagekit_projectpackagekit
0.8.5
packagekit_projectpackagekit
0.8.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
packagekit
bookworm
1.2.6-5
fixed
bullseye
1.2.2-2
fixed
sid
1.3.0-1
fixed
trixie
1.3.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
packagekit
hardy
not-affected
lucid
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html
http://www.openwall.com/lists/oss-security/2013/02/25/20
https://bugs.freedesktop.org/show_bug.cgi?id=61231
https://bugzilla.novell.com/show_bug.cgi?id=804983
https://gitorious.org/packagekit/packagekit/commit/d3d14631042237bcfe6fb30a60e59bb6d94af425
https://gitorious.org/packagekit/packagekit/source/NEWS
http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html
http://www.openwall.com/lists/oss-security/2013/02/25/20
https://bugs.freedesktop.org/show_bug.cgi?id=61231
https://bugzilla.novell.com/show_bug.cgi?id=804983
https://gitorious.org/packagekit/packagekit/commit/d3d14631042237bcfe6fb30a60e59bb6d94af425
https://gitorious.org/packagekit/packagekit/source/NEWS