12-year-old Pack2TheRoot bug lets Linux users gain root privileges
2026-4-24 19:46:15 Author: securityaffairs.com (view original)


‘Pack2TheRoot’ flaw lets local Linux users gain root via PackageKit. CVE-2026-41651 (8.8) has existed for nearly 12 years.

The Pack2TheRoot flaw, tracked as CVE-2026-41651, lets unprivileged users install or remove system packages without authorization, potentially gaining full root access.

The vulnerability is rated high severity, with a CVSS score of 8.8, and has existed for nearly 12 years.

Discovered by Deutsche Telekom’s Red Team, it stems from PackageKit allowing commands like “pkcon install” to run without a password on some systems. Researchers used AI (Claude Opus) to explore the issue, confirmed it manually, and responsibly disclosed it to maintainers, who validated the flaw.

“Today we publicly disclose a high-severity vulnerability (CVSS 3.1: 8.8) – in coordination with distro maintainers – that affects multiple Linux distributions in their default installations. The Pack2TheRoot vulnerability can be exploited by any local unprivileged user to obtain root access on a vulnerable system,” reads the advisory published by Deutsche Telekom. “The vulnerability lies in the PackageKit daemon, a cross-distro package management abstraction layer.”

Details of the Pack2TheRoot flaw were disclosed alongside a fix in PackageKit 1.3.5, though exploit code was withheld to allow patching. Deutsche Telekom researchers found that PackageKit could run commands like “pkcon install” without authentication in some cases on Fedora, enabling package installation. The researchers used the Claude Opus AI tool to explore this behavior further and identified the vulnerability as CVE-2026-41651.

All PackageKit versions from 1.0.2 to 1.3.4 are vulnerable, affecting many Linux distributions for over 12 years. Tested systems include Ubuntu, Debian, Fedora, and Rocky Linux, and others using PackageKit may also be at risk, including servers with Cockpit. The issue is fixed in version 1.3.5, with patches released on April 22, 2026.

Technical details of the vulnerability are not yet disclosed and will be shared later. Researchers have developed a reliable proof-of-concept that allows an unprivileged local user to gain root code execution on default Linux systems. However, the PoC code has not been released publicly to prevent abuse while patches are being deployed.

To check whether you are vulnerable, first verify that PackageKit is installed at all, using dpkg or rpm; looking only for a running daemon is not enough, because D-Bus can start it on demand. Then check whether the service is active with systemctl or with monitoring tools like pkmon/pkgcli. If it is active and unpatched, your system may be at risk. Although the flaw is fixed upstream in version 1.3.5, many distributions have released patched versions separately, so updating through your distribution is essential.

You can use the following commands to check whether a vulnerable version of PackageKit is installed on your system:

dpkg -l | grep -i packagekit
rpm -qa | grep -i packagekit

To verify if the PackageKit daemon is active, run systemctl status packagekit or pkmon. If the service is loaded or running, your system may be at risk if it has not been patched.
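The checks above, combined into one triage script. This is an added example, not code from the advisory or from the PackageKit project; it assumes systemd and a dpkg- or rpm-based distribution, and its version range is taken from the article (1.0.2 through 1.3.4 vulnerable, 1.3.5 fixed), so a distribution that backported the fix under an older version string will still be reported as in range.

```shell
#!/bin/sh
# Added triage script (not the advisory's or PackageKit's code) for the checks
# above: is PackageKit installed, is its version in the range the advisory
# calls vulnerable (1.0.2 to 1.3.4, fixed in 1.3.5), is the daemon active.
# Assumption: distros may backport the fix under an older version string, so
# "yes" below means "confirm against your distribution's own advisory".

# Compare two dotted numeric versions; prints lt, eq or gt.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0; yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "lt"; exit }
            if (xi > yi) { print "gt"; exit }
        }
        print "eq"
    }'
}

# "yes" if a package version string (epoch and distro suffix tolerated, e.g.
# "1:1.3.4-1ubuntu2") lies in 1.0.2..1.3.4, "no" otherwise, "unknown" if unparsable.
is_vulnerable_version() {
    v=$(printf '%s' "$1" | sed 's/^[0-9]*://; s/[^0-9.].*//')
    [ -z "$v" ] && { echo unknown; return 0; }
    [ "$(vercmp "$v" 1.0.2)" = lt ] && { echo no; return 0; }
    [ "$(vercmp "$v" 1.3.4)" = gt ] && { echo no; return 0; }
    echo yes
}

# Installed PackageKit version via dpkg or rpm (the article's two checks);
# returns 1 and prints nothing if neither package manager reports it installed.
installed_packagekit_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        out=$(dpkg-query -W -f='${db:Status-Status} ${Version}' packagekit 2>/dev/null) &&
            case $out in installed\ *) printf '%s\n' "${out#installed }"; return 0;; esac
    fi
    if command -v rpm >/dev/null 2>&1; then
        out=$(rpm -q --qf '%{VERSION}-%{RELEASE}' PackageKit 2>/dev/null) && { printf '%s\n' "$out"; return 0; }
    fi
    return 1
}

main() {
    v=$(installed_packagekit_version) || { echo "PackageKit not installed; CVE-2026-41651 does not apply"; return 0; }
    state=$(systemctl is-active packagekit 2>/dev/null) || true   # D-Bus may start it on demand
    echo "PackageKit $v; in vulnerable range: $(is_vulnerable_version "$v"); service: ${state:-unknown}"
}
main "$@"
```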

Researchers released indicators of compromise (IoCs) for this flaw.


Pierluigi Paganini

Source: https://securityaffairs.com/191231/security/12-year-old-pack2theroot-bug-lets-linux-users-gain-root-privileges.html