PT-2019-13193 · Deepin · Deepin-Clone

Hillwood Yang

Published

2019-07-04

Updated

2019-07-28

CVE-2019-13227

CVSS v2.0

6.6

Medium

Vector

AV:L/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions deepin-clone versions prior to 1.1.3

Description The issue allows an unprivileged user to potentially create or overwrite files in arbitrary file system locations by preparing a symlink attack at the fixed path /tmp/.deepin-clone.log. The content of the created or overwritten files is not controlled by the attacker.

Recommendations For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the /tmp/.deepin-clone.log file to prevent symlink attacks until the update is applied.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2019-13227

Affected Products

Deepin-Clone

PT-2019-13193 · Deepin · Deepin-Clone

CVE-2019-13227

Weakness Enumeration

Related Identifiers

Affected Products

References · 7