Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-20197

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

Source

Severity Medium

Remote No

Type Arbitrary filesystem access

Description

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

AVG-1498 binutils 2.35.1-1 Medium Vulnerable

https://sourceware.org/bugzilla/show_bug.cgi?id=26945
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=014cc7f849e8209623fc99264814bce7b3b6faf2
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=365f5fb6d0f0da83817431a275e99e6f6babbe04

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Vulmon Search

About

Products

Connect