29 matches found
Code injection
deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content...
CVE-2019-13229
deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content...
CVE-2019-13229
Affected software: deepin-clone up to version 1.1.3. Root cause: Helper::getPartitionSizeInfo writes a log at /tmp/partclone.log and follows symlinks, enabling an unprivileged user to perform a symlink attack to create or overwrite arbitrary filesystem files. Impact: local, unprivileged attacker ...
CVE-2019-13228
deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker...
CVE-2019-13228
Per the provided documents, CVE-2019-13228 affects the Deepin tool deepin-clone prior to version 1.1.3, which uses a fixed path /tmp/repo.iso in BootDoctor::fix() and follows symlinks. This enables a local attacker to leverage a symlink race to replace /tmp/repo.iso with an attacker-controlled IS...
CVE-2019-13227
In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled...
CVE-2019-13227
CVE-2019-13227 affects deepin-clone prior to 1.1.3, where GUI mode writes a log to /tmp/.deepin-clone.log as root and then follows symlinks. This enables a local unprivileged user to perform a symlink attack to create or overwrite files in arbitrary filesystem locations; the content is not attack...
CVE-2019-13226
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/ in the Helper::temporaryMountDevice function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a...
CVE-2019-13226
CVE-2019-13226 affects deepin-clone (prior to 1.1.3). The issue arises from a predictable path used in Helper::temporaryMountDevice() (/tmp/.deepin-clone/mount/) to mount a filesystem as root. An unprivileged user can create a symlink at this path and, by racing, mount the filesystem at an arbitr...