3 matches found
CVE-2019-13226
CVE-2019-13226 affects deepin-clone (prior to 1.1.3). The issue arises from a predictable path used in Helper::temporaryMountDevice() (/tmp/.deepin-clone/mount/) to mount a filesystem as root. An unprivileged user can create a symlink at this path and, by racing, mount the filesystem at an arbitr...
CVE-2019-13227
CVE-2019-13227 affects deepin-clone prior to 1.1.3, where GUI mode writes a log to /tmp/.deepin-clone.log as root and then follows symlinks. This enables a local unprivileged user to perform a symlink attack to create or overwrite files in arbitrary filesystem locations; the content is not attack...
CVE-2019-13228
Per the provided documents, CVE-2019-13228 affects the Deepin tool deepin-clone prior to version 1.1.3, which uses a fixed path /tmp/repo.iso in BootDoctor::fix() and follows symlinks. This enables a local attacker to leverage a symlink race to replace /tmp/repo.iso with an attacker-controlled IS...