CVE-2019-13226

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system.
Configurations

Configuration 1 (hide)

cpe:2.3:a:deepin:deepin-clone:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

History

21 Nov 2024, 04:24

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2019/07/04/1 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2019/07/04/1 - Mailing List, Third Party Advisory
References () https://bugzilla.suse.com/show_bug.cgi?id=1130388 - Issue Tracking, Third Party Advisory () https://bugzilla.suse.com/show_bug.cgi?id=1130388 - Issue Tracking, Third Party Advisory
References () https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab - Patch, Third Party Advisory () https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab - Patch, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCHGRJV5CWTMYEE5B5C2FNMCFVP45S7H/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCHGRJV5CWTMYEE5B5C2FNMCFVP45S7H/ -

07 Nov 2023, 03:03

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCHGRJV5CWTMYEE5B5C2FNMCFVP45S7H/', 'name': 'FEDORA-2019-3d418f349c', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCHGRJV5CWTMYEE5B5C2FNMCFVP45S7H/ -

Information

Published : 2019-07-04 12:15

Updated : 2024-11-21 04:24


NVD link : CVE-2019-13226

Mitre link : CVE-2019-13226

CVE.ORG link : CVE-2019-13226


JSON object : View

Products Affected

fedoraproject

  • fedora

deepin

  • deepin-clone
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')