VYPR

deepin-clone

by Linuxdeepin

CVEs (4)

  • CVE-2019-13229Jul 4, 2019
    risk 0.00cvss epss 0.00

    deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system…

  • CVE-2019-13228Jul 4, 2019
    risk 0.00cvss epss 0.00

    deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content…

  • CVE-2019-13227Jul 4, 2019
    risk 0.00cvss epss 0.00

    In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not…

  • CVE-2019-13226Jul 4, 2019
    risk 0.00cvss epss 0.00

    deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/ in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted…