CVE-2021-20197

2021-03-2600:00:00

ubuntu.com

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

14.1%

JSON

There is an open race window when writing output in the following utilities
in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When
these utilities are run as a privileged user (presumably as part of a
script updating binaries across different users), an unprivileged user can
trick these utilities into getting ownership of arbitrary files through a
symlink.

Bugs

<https://sourceware.org/bugzilla/show_bug.cgi?id=26945>
<https://sourceware.org/bugzilla/show_bug.cgi?id=27270 (regression)>
<https://sourceware.org/bugzilla/show_bug.cgi?id=27284 (regression)>
<https://sourceware.org/bugzilla/show_bug.cgi?id=27456 (regression)>
<https://bugzilla.redhat.com/show_bug.cgi?id=1951278#c3 (regression)>

Notes

Author	Note
mdeslaur	commits below are from 2.36 branch. At some point, commits were reverted and then reinstated later on. The list below doesn’t include the added and reverted commits. These changes are quite intrusive to backport, are regression- prone and may introduce regressions in other packages. For this reason we will not be fixing this issue in stable releases.