Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-20197

UNKNOWN
Published 2021-03-26T16:47:20
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-20197. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-rq67-5wpf-96wv

Advisory Details

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-20197
WEB https://access.redhat.com/errata/RHSA-2021:4364
WEB https://access.redhat.com/security/cve/CVE-2021-20197
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1913743
WEB https://security.gentoo.org/glsa/202208-30
WEB https://security.netapp.com/advisory/ntap-20210528-0009
WEB https://sourceware.org/bugzilla/show_bug.cgi?id=26945

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: June 4, 2022

References

https://bugzilla.redhat.com/show_bug.cgi?id=1913743
https://sourceware.org/bugzilla/show_bug.cgi?id=26945
https://security.netapp.com/advisory/ntap-20210528-0009/
https://security.gentoo.org/glsa/202208-30
Published: 2021-03-26T16:47:20
Last Modified: 2024-08-03T17:30:07.480Z
Copied to clipboard!