CVE-2016-15045

A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root.

CVSS

No CVSS.

References

Link	Resource
https://github.com/linuxdeepin/lastore-daemon
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/lastore_daemon_dbus_priv_esc.rb
https://www.deepin.org/en/mirrors/releases/
https://www.exploit-db.com/exploits/39433
https://www.exploit-db.com/exploits/44523
https://www.vulncheck.com/advisories/deepin-lastore-daemon-priv-esc
https://www.exploit-db.com/exploits/39433

Configurations

No configuration.

History

23 Jul 2025, 15:15

Type	Values Removed	Values Added
References	~~() https://www.exploit-db.com/exploits/39433 -~~	() https://www.exploit-db.com/exploits/39433 -

23 Jul 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-23 14:15

Updated : 2025-07-23 15:15

NVD link : CVE-2016-15045

Mitre link : CVE-2016-15045

CVE.ORG link : CVE-2016-15045

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2016-15045", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-23T14:15:31.950", "references": [{"url": "https://github.com/linuxdeepin/lastore-daemon", "source": "disclosure@vulncheck.com"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/lastore_daemon_dbus_priv_esc.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://www.deepin.org/en/mirrors/releases/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/39433", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/44523", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/deepin-lastore-daemon-priv-esc", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/39433", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-269"}, {"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root."}], "lastModified": "2025-07-23T15:15:29.573", "sourceIdentifier": "disclosure@vulncheck.com"}