CVE-2021-20197

Description


There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

References


Issue TrackingPatchThird Party Advisory

Issue TrackingPatchThird Party Advisory

CvssV3 impact


BaseSeverity

MEDIUM

ConfidentialityImpact

HIGH

AttackComplexity

HIGH

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

NONE

IntegrityImpact

HIGH

PrivilegesRequired

LOW

BaseScore

6.3

VectorString

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact


AccessComplexity

MEDIUM

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

PARTIAL

BaseScore

3.3

VectorString

AV:L/AC:M/Au:N/C:P/I:P/A:N

Version

2.0

AccessVector

LOCAL

Authentication

NONE