A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function g_file_test of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
1.2.2-2ubuntu31.2.4-1ubuntu11.2.4-1ubuntu21.2.5-1ubuntu11.2.5-2ubuntu11.2.5-2ubuntu21.2.5-2ubuntu31.2.5-2ubuntu3.11.2.7-11.2.8-11.2.8-1build11.2.8-21.2.8-2build21.2.8-2build31.2.8-2ubuntu11.2.8-2ubuntu1.11.2.8-2ubuntu1.21.2.8-2ubuntu1.4+1 more1.3.0-3build11.3.1-11.3.1-1ubuntu11.3.1-1ubuntu1.11.3.1-11.3.2-11.3.3-11.3.4-11.3.4-31.3.4-3ubuntu10.8.17-4ubuntu6~gcc5.30.8.17-4ubuntu6~gcc5.4ubuntu10.8.17-4ubuntu6~gcc5.4ubuntu1.10.8.17-4ubuntu6~gcc5.4ubuntu1.20.8.17-4ubuntu6~gcc5.4ubuntu1.30.8.17-4ubuntu6~gcc5.4ubuntu1.40.8.17-4ubuntu6~gcc5.4ubuntu1.50.8.17-4ubuntu6~gcc5.4ubuntu1.5+esm11.1.7-11.1.9-11.1.9-1ubuntu11.1.9-1ubuntu21.1.9-1ubuntu2.18.04.11.1.9-1ubuntu2.18.04.31.1.9-1ubuntu2.18.04.41.1.9-1ubuntu2.18.04.51.1.9-1ubuntu2.18.04.61.1.9-1ubuntu2.18.04.6+esm11.1.12-5ubuntu41.1.13-11.1.13-21.1.13-2build11.1.13-2ubuntu11.1.13-2ubuntu1.11.1.13-2ubuntu1.1+esm1Exploitability
AV:NAC:LAT:NPR:LUI:NVulnerable System
VC:LVI:NVA:NSubsequent System
SC:NSI:NSA:NCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P