MEDIUM🇵🇱 Wersja polska

CVE-2019-13228

CVSS 4.7v3.0pub. 2019-07-04upd. 2024-11-21

deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. By winning a race condition to replace the /tmp/repo.iso symlink by an attacker controlled ISO file, further privilege escalation may be possible.

CVSS Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
  • Deepin Clone

    APP
    Deepin
    < 1.1.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPERace Condition
CWE
References

Related vulnerabilities

CVE-2019-13226HIGH7.0ten sam produkt

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper:...

CVE-2019-13227MEDIUM5.5ten sam produkt

In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, an...

CVE-2023-50255CRITICAL9.3PL ✓ten sam vendor

Path traversal w Deepin-Compressor umożliwiający zdalne wykonanie kodu

CVE-2023-50254CRITICAL9.3PL ✓ten sam vendor

RCE w Deepin Reader poprzez path traversal w plikach DOCX

CVE-2017-7622HIGH8.8ten sam vendor

dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privilege...