There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and previous versions:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu binutils |
||
redhat enterprise linux 8.0 |
||
netapp cloud backup - |
||
netapp ontap select deploy administration utility - |
||
netapp solidfire \\& hci management node - |
||
broadcom brocade fabric operating system firmware - |