CVE-2018-1106

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.5 MEDIUM | LOCAL | LOW | LOW | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |

EPSS Score Percentile: 7%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| packagekit_project | packagekit | 𝑥 < 1.1.10 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 17.10 |
| debian | debian_linux | 9.0 |

𝑥 = Vulnerable software versions

Debian Releases
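
| Debian Product | Codename | Version | Status |
|---|---|---|---|
| packagekit | bookworm | 1.2.6-5 | fixed |
| packagekit | bullseye | 1.2.2-2 | fixed |
| packagekit | jessie | | not-affected |
| packagekit | sid | 1.3.0-1 | fixed |
| packagekit | trixie | 1.3.0-1 | fixed |
| packagekit | wheezy | | not-affected |
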
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| packagekit | artful | Fixed 1.1.7-1ubuntu0.1 | released |
| packagekit | trusty | | dne |
| packagekit | xenial | | not-affected |

openSUSE / SLES Releases

openSUSE Product: PackageKit

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 15 | 1.1.10-2.7 | fixed |
| suse enterprise desktop 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise desktop 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise desktop 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise desktop 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise desktop 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise desktop 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise desktop 15 SP7 | 1.2.8-150600.4.8.2 | fixed |
| suse enterprise sap 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise sap 12 SP5 | 1.1.3-24.9.1 | fixed |
| suse enterprise sap 15 | 1.1.10-2.7 | fixed |
| suse enterprise sap 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise sap 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise sap 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise sap 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise sap 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise sap 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise sap 15 SP7 | 1.2.8-150600.4.8.2 | fixed |
| suse enterprise server 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise server 12 SP5 | 1.1.3-24.9.1 | fixed |
| suse enterprise server 15 | 1.1.10-2.7 | fixed |
| suse enterprise server 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise server 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise server 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise server 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise server 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise server 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise server 15 SP7 | 1.2.8-150600.4.8.2 | fixed |

openSUSE Product: PackageKit-backend-zypp

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 15 | 1.1.10-2.7 | fixed |
| suse enterprise desktop 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise desktop 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise desktop 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise desktop 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise desktop 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise desktop 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise desktop 15 SP7 | 1.2.8-150600.4.8.2 | fixed |
| suse enterprise sap 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise sap 12 SP5 | 1.1.3-24.9.1 | fixed |
| suse enterprise sap 15 | 1.1.10-2.7 | fixed |
| suse enterprise sap 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise sap 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise sap 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise sap 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise sap 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise sap 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise sap 15 SP7 | 1.2.8-150600.4.8.2 | fixed |
| suse enterprise server 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise server 12 SP5 | 1.1.3-24.9.1 | fixed |
| suse enterprise server 15 | 1.1.10-2.7 | fixed |
| suse enterprise server 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise server 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise server 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise server 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise server 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise server 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise server 15 SP7 | 1.2.8-150600.4.8.2 | fixed |

openSUSE Product: PackageKit-devel

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 15 | 1.1.10-2.7 | fixed |
| suse enterprise desktop 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise desktop 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise desktop 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise desktop 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise desktop 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise desktop 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise desktop 15 SP7 | 1.2.8-150600.4.8.2 | fixed |
| suse enterprise sap 15 | 1.1.10-2.7 | fixed |
| suse enterprise sap 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise sap 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise sap 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise sap 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise sap 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise sap 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise sap 15 SP7 | 1.2.8-150600.4.8.2 | fixed |
| suse enterprise server 15 | 1.1.10-2.7 | fixed |
| suse enterprise server 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise server 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise server 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise server 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise server 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise server 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise server 15 SP7 | 1.2.8-150600.4.8.2 | fixed |

openSUSE Product: PackageKit-gstreamer-plugin

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise desktop 15 | 1.1.10-2.7 | fixed |
| suse enterprise desktop 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise desktop 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise desktop 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise desktop 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise sap 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise sap 12 SP5 | 1.1.3-24.6.1 | fixed |
| suse enterprise sap 15 | 1.1.10-2.7 | fixed |
| suse enterprise sap 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise sap 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise sap 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise sap 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise server 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise server 12 SP5 | 1.1.3-24.6.1 | fixed |
| suse enterprise server 15 | 1.1.10-2.7 | fixed |
| suse enterprise server 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise server 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise server 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise server 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise workstation 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise workstation 12 SP5 | 1.1.3-24.6.1 | fixed |
| suse enterprise workstation 15 | 1.1.10-2.7 | fixed |
| suse enterprise workstation 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise workstation 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise workstation 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise workstation 15 SP4 | 1.2.4-150400.1.11 | fixed |

openSUSE Product: PackageKit-gtk3-module

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise desktop 15 | 1.1.10-2.7 | fixed |
| suse enterprise desktop 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise desktop 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise desktop 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise desktop 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise sap 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise sap 12 SP5 | 1.1.3-24.6.1 | fixed |
| suse enterprise sap 15 | 1.1.10-2.7 | fixed |
| suse enterprise sap 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise sap 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise sap 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise sap 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise server 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise server 12 SP5 | 1.1.3-24.6.1 | fixed |
| suse enterprise server 15 | 1.1.10-2.7 | fixed |
| suse enterprise server 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise server 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise server 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise server 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise workstation 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise workstation 12 SP5 | 1.1.3-24.6.1 | fixed |
| suse enterprise workstation 15 | 1.1.10-2.7 | fixed |
| suse enterprise workstation 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise workstation 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise workstation 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise workstation 15 SP4 | 1.2.4-150400.1.11 | fixed |

openSUSE Product: PackageKit-lang

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 15 | 1.1.10-2.7 | fixed |
| suse enterprise desktop 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise desktop 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise desktop 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise desktop 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise desktop 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise desktop 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise desktop 15 SP7 | 1.2.8-150600.4.8.2 | fixed |
| suse enterprise sap 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise sap 12 SP5 | 1.1.3-24.9.1 | fixed |
| suse enterprise sap 15 | 1.1.10-2.7 | fixed |
| suse enterprise sap 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise sap 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise sap 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise sap 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise sap 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise sap 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise sap 15 SP7 | 1.2.8-150600.4.8.2 | fixed |
| suse enterprise server 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise server 12 SP5 | 1.1.3-24.9.1 | fixed |
| suse enterprise server 15 | 1.1.10-2.7 | fixed |
| suse enterprise server 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise server 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise server 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise server 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise server 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise server 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise server 15 SP7 | 1.2.8-150600.4.8.2 | fixed |

openSUSE Product: libpackagekit-glib2-18

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 15 | 1.1.10-2.7 | fixed |
| suse enterprise desktop 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise desktop 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise desktop 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise desktop 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise desktop 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise desktop 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise desktop 15 SP7 | 1.2.8-150600.4.8.2 | fixed |
| suse enterprise sap 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise sap 12 SP5 | 1.1.3-24.9.1 | fixed |
| suse enterprise sap 15 | 1.1.10-2.7 | fixed |
| suse enterprise sap 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise sap 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise sap 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise sap 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise sap 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise sap 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise sap 15 SP7 | 1.2.8-150600.4.8.2 | fixed |
| suse enterprise server 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise server 12 SP5 | 1.1.3-24.9.1 | fixed |
| suse enterprise server 15 | 1.1.10-2.7 | fixed |
| suse enterprise server 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise server 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise server 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise server 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise server 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise server 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise server 15 SP7 | 1.2.8-150600.4.8.2 | fixed |

openSUSE Product: libpackagekit-glib2-devel

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 15 | 1.1.10-2.7 | fixed |
| suse enterprise desktop 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise desktop 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise desktop 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise desktop 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise desktop 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise desktop 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise desktop 15 SP7 | 1.2.8-150600.4.8.2 | fixed |
| suse enterprise sap 15 | 1.1.10-2.7 | fixed |
| suse enterprise sap 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise sap 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise sap 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise sap 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise sap 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise sap 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise sap 15 SP7 | 1.2.8-150600.4.8.2 | fixed |
| suse enterprise server 15 | 1.1.10-2.7 | fixed |
| suse enterprise server 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise server 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise server 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise server 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise server 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise server 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise server 15 SP7 | 1.2.8-150600.4.8.2 | fixed |

openSUSE Product: typelib-1_0-PackageKitGlib-1_0

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 15 | 1.1.10-2.7 | fixed |
| suse enterprise desktop 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise desktop 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise desktop 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise desktop 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise desktop 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise desktop 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise desktop 15 SP7 | 1.2.8-150600.4.8.2 | fixed |
| suse enterprise sap 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise sap 12 SP5 | 1.1.3-24.9.1 | fixed |
| suse enterprise sap 15 | 1.1.10-2.7 | fixed |
| suse enterprise sap 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise sap 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise sap 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise sap 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise sap 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise sap 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise sap 15 SP7 | 1.2.8-150600.4.8.2 | fixed |
| suse enterprise server 12 SP3 | 1.1.3-24.6.1 | fixed |
| suse enterprise server 12 SP5 | 1.1.3-24.9.1 | fixed |
| suse enterprise server 15 | 1.1.10-2.7 | fixed |
| suse enterprise server 15 SP1 | 1.1.10-10.1 | fixed |
| suse enterprise server 15 SP2 | 1.1.13-2.16 | fixed |
| suse enterprise server 15 SP3 | 1.1.13-4.20.1 | fixed |
| suse enterprise server 15 SP4 | 1.2.4-150400.1.11 | fixed |
| suse enterprise server 15 SP5 | 1.2.4-150400.3.6.1 | fixed |
| suse enterprise server 15 SP6 | 1.2.8-150600.2.8 | fixed |
| suse enterprise server 15 SP7 | 1.2.8-150600.4.8.2 | fixed |

Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| PackageKit | RHEL 7 | 0:1.1.5-2.el7_5 | fixed |
| PackageKit-command-not-found | RHEL 7 | 0:1.1.5-2.el7_5 | fixed |
| PackageKit-cron | RHEL 7 | 0:1.1.5-2.el7_5 | fixed |
| PackageKit-glib | RHEL 7 | 0:1.1.5-2.el7_5 | fixed |
| PackageKit-glib-devel | RHEL 7 | 0:1.1.5-2.el7_5 | fixed |
| PackageKit-gstreamer-plugin | RHEL 7 | 0:1.1.5-2.el7_5 | fixed |
| PackageKit-gtk3-module | RHEL 7 | 0:1.1.5-2.el7_5 | fixed |
| PackageKit-yum | RHEL 7 | 0:1.1.5-2.el7_5 | fixed |
| PackageKit-yum-plugin | RHEL 7 | 0:1.1.5-2.el7_5 | fixed |