deepin-clone up to 1.1.2 /tmp/repo.iso BootDoctor::fix Symlink link following
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.9 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in deepin-clone up to 1.1.2. Affected by this vulnerability is the function BootDoctor::fix of the file /tmp/repo.iso. This manipulation as part of Symlink causes link following.
This vulnerability is registered as CVE-2019-13228. The attack needs to be launched locally. No exploit is available.
You should upgrade the affected component.
Details
A vulnerability has been found in deepin-clone up to 1.1.2 and classified as problematic. Affected by this vulnerability is the function BootDoctor::fix of the file /tmp/repo.iso. The manipulation as part of a Symlink leads to a link following vulnerability. The CWE definition for the vulnerability is CWE-59. The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. By winning a race condition to replace the /tmp/repo.iso symlink by an attacker controlled ISO file, further privilege escalation may be possible.
The weakness was published 07/04/2019 (oss-sec). It is possible to read the advisory at openwall.com. This vulnerability is known as CVE-2019-13228 since 07/04/2019. Attacking locally is a requirement. A single authentication is required for exploitation. Technical details of the vulnerability are known, but there is no available exploit.
Upgrading to version 1.1.3 eliminates this vulnerability.
Similar entries are available at VDB-137333, VDB-137334 and VDB-137336. Be aware that VulDB is the high quality source for vulnerability data.
Product
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.0VulDB Meta Temp Score: 4.9
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 4.7
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Link followingCWE: CWE-59
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: deepin-clone 1.1.3
Patch: github.com
Timeline
07/04/2019 🔍07/04/2019 🔍
07/05/2019 🔍
10/17/2023 🔍
Sources
Advisory: e079f3e2712b4f8c28e3e63e71ba1a1f90fce1abStatus: Not defined
CVE: CVE-2019-13228 (🔍)
GCVE (CVE): GCVE-0-2019-13228
GCVE (VulDB): GCVE-100-137335
See also: 🔍
Entry
Created: 07/05/2019 06:58Updated: 10/17/2023 11:28
Changes: 07/05/2019 06:58 (42), 07/01/2020 10:07 (17), 10/17/2023 11:20 (5), 10/17/2023 11:28 (1)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.