CVE-2021-20197
Publication date 26 March 2021
Last updated 24 July 2024
Ubuntu priority
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| binutils | 22.04 LTS jammy |
Not affected
|
| 20.04 LTS focal | Ignored | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Ignored |
Notes
mdeslaur
commits below are from 2.36 branch. At some point, commits were reverted and then reinstated later on. The list below doesn't include the added and reverted commits. These changes are quite intrusive to backport, are regression- prone and may introduce regressions in other packages. For this reason we will not be fixing this issue in stable releases.
Patch details
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.3 · Medium
|
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |