deepin-clone before 1.1.3 uses the fixed path /tmp/repo.iso in the BootDoctor::fix() function as the download target for an ISO file, and follows symlinks at that path. An unprivileged user can place a symlink there in advance, causing files to be created or overwritten in arbitrary file system locations. The content written this way is not attacker-controlled. An attacker who wins a race condition to replace the /tmp/repo.iso symlink with an attacker-controlled ISO file may be able to escalate privileges further.
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13228.json"
[
{
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2019-13228-0ea8271f",
"source": "https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab",
"digest": {
"function_hash": "113563948601623775091994925457347850496",
"length": 5262.0
},
"target": {
"function": "main",
"file": "app/src/main.cpp"
}
},
{
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2019-13228-2619044d",
"source": "https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab",
"digest": {
"function_hash": "15114990063950498979010082607885604993",
"length": 715.0
},
"target": {
"function": "Helper::temporaryMountDevice",
"file": "app/src/corelib/helper.cpp"
}
},
{
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2019-13228-29107175",
"source": "https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab",
"digest": {
"line_hashes": [
"62791092068982009360708951756407158019",
"183656613279236439411046807009905886941",
"156882658786362086991523233056356618644",
"192281343816030771018560832689346276348",
"184585851938587393543751868085973308293"
],
"threshold": 0.9
},
"target": {
"file": "app/src/fixboot/bootdoctor.cpp"
}
},
{
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2019-13228-3b75f8d0",
"source": "https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab",
"digest": {
"line_hashes": [
"297493941717721491120353739802702694378",
"70663712124648028788775084082602127773",
"85915241062483032978909714211164534520",
"95727840979590646384826573652163520682",
"158494060859160071111546718480802766467",
"44026927524306943319463477520998127922",
"202445875717026759860022253414285575446",
"28710741109670800836779551038406405714",
"274459582798055139454775133966231040261",
"137762565925767635282689544041667052153",
"132283219185783715285941624257154906221",
"302653461098447736719831988179108189639"
],
"threshold": 0.9
},
"target": {
"file": "app/src/corelib/helper.cpp"
}
},
{
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2019-13228-4f9bf2b7",
"source": "https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab",
"digest": {
"function_hash": "28849812168971268904174299514783830592",
"length": 3623.0
},
"target": {
"function": "DDeviceDiskInfoPrivate::openDataStream",
"file": "app/src/corelib/ddevicediskinfo.cpp"
}
},
{
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2019-13228-68550ce5",
"source": "https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab",
"digest": {
"line_hashes": [
"58264006821500031156106701592342553815",
"103938867238767200280192958584417589954",
"172366182685669957712578976268734425999",
"308269815039287284986994750527323314095",
"102255409522555953468421437115475193332",
"194190622566688223043749150494675717970",
"300223336700056411171180316392015238634",
"45209363262191569559167691881851339042",
"50368863285329939229768157340002832949",
"22916161165584685129666313370741910864",
"136471237446649993883938372850913848643",
"239967882650600827702346189270172629001",
"77143623736570513858456326751685898567",
"79094150988835526094010809817994885981",
"168551283402309239636945602582763034847",
"273145873841070949625564049033054353932",
"26590347001226687252240230793084236889",
"76417755425948067877209086338907040831",
"180080363487796562253453501927238441739",
"214379789846089921371141965617501070517",
"75407180318704451699303769443305508093",
"107515924067177073179555495791575344681",
"99521949033218398506077052531707715275",
"334481101730258788022912403254789715770",
"213900814101210555089531401897730498386",
"47472184887931405410206004603966111469"
],
"threshold": 0.9
},
"target": {
"file": "app/src/main.cpp"
}
},
{
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2019-13228-9d49d7d2",
"source": "https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab",
"digest": {
"line_hashes": [
"324363659789247176069352626471038849076",
"182187092244263681320822910085326308734",
"172543767542843172380504294006296039083",
"266436126093247388408246011968455259512",
"48002355643099683936159613585372781730",
"217210226020753186543389213980821076458"
],
"threshold": 0.9
},
"target": {
"file": "app/src/corelib/ddevicediskinfo.cpp"
}
},
{
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2019-13228-cb8b1423",
"source": "https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab",
"digest": {
"function_hash": "336834746435690710190750556304552413246",
"length": 6578.0
},
"target": {
"function": "BootDoctor::fix",
"file": "app/src/fixboot/bootdoctor.cpp"
}
},
{
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2019-13228-e1d4f7a3",
"source": "https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab",
"digest": {
"line_hashes": [
"73211461248026863421626167981980895695",
"4466010122219878740845082028969158904",
"9156597926303972806743309778298674621"
],
"threshold": 0.9
},
"target": {
"file": "app/src/corelib/helper.h"
}
},
{
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2019-13228-e2813487",
"source": "https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab",
"digest": {
"function_hash": "252563795239347951469147610591389157525",
"length": 2721.0
},
"target": {
"function": "Helper::getPartitionSizeInfo",
"file": "app/src/corelib/helper.cpp"
}
}
]