Race condition vulnerability in deepin-clone allows for arbitrary file system mounting and denial of unmount

Race condition vulnerability in deepin-clone allows for arbitrary file system mounting and denial of unmount

CVE-2019-13226 · HIGH Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system.

Learn more about our User Device Pen Test.