CVE-2021-20197

Published: 26/03/2021 Updated: 12/02/2023
CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 6.3 | Impact Score: 5.2 | Exploitability Score: 1
VMScore: 294
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and previous versions: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
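The general defensive pattern for this class of symlink race, as an added example (not binutils code and not the upstream fix): ownership is changed through a file descriptor opened without following a symlink, rather than by path. The function names, the /tmp scratch directory and the file names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* A path-based chown() resolves the name again and follows a symlink swapped
   in after the output was written; a descriptor stays bound to one inode. */
int restore_owner_fd(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    int rc, fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -errno;                 /* a symlink at path is refused here */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1)
        rc = -EINVAL;                  /* not a plain, singly linked file */
    else
        rc = fchown(fd, uid, gid) == 0 ? 0 : -errno;
    close(fd);
    return rc;
}

/* Constructed scenario: "out" is the tool's output, "lnk" is a symlink
   sitting where output was expected and pointing at another file ("other").
   Returns 0 when out is accepted and lnk is refused. */
int demo(void)
{
    char dir[] = "/tmp/owner-demo-XXXXXX", out[64], other[64], lnk[64];
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(out, sizeof out, "%s/out", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    snprintf(lnk, sizeof lnk, "%s/lnk", dir);
    close(open(out, O_CREAT | O_WRONLY | O_EXCL, 0600));
    close(open(other, O_CREAT | O_WRONLY | O_EXCL, 0600));
    if (symlink(other, lnk) != 0)
        return -1;
    int accepted = restore_owner_fd(out, geteuid(), getegid());
    int refused = restore_owner_fd(lnk, geteuid(), getegid());
    unlink(lnk); unlink(other); unlink(out); rmdir(dir);
    return (accepted == 0 && refused < 0) ? 0 : 1;
}

int main(void)
{
    printf("demo: %s\n", demo() == 0 ? "ok" : "failed");
    return 0;
}
```

O_NOFOLLOW covers only the final path component; intermediate directories are still resolved by name.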

Vulnerable Product

gnu binutils

redhat enterprise linux 8.0

netapp cloud backup -

netapp ontap select deploy administration utility -

netapp solidfire & hci management node -

broadcom brocade fabric operating system firmware -

Vendor Advisories

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitr ...