CVE-2021-20197 log

Source
Severity Medium
Remote No
Type Arbitrary filesystem access
Description
There is an open race window when writing output in the following utilities in GNU binutils: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. The issue was fixed in binutils version 2.36, but subsequently the fix was partly reverted in version 2.36.1 because it was causing issues with the file archiver "ar". The full fix is queued to be included in version 2.36.2.
Group Package Affected Fixed Severity Status Ticket
AVG-1540 binutils 2.36.1-3 2.38-1 Medium Fixed
References
https://sourceware.org/bugzilla/show_bug.cgi?id=26945
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=365f5fb6d0f0da83817431a275e99e6f6babbe04
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=014cc7f849e8209623fc99264814bce7b3b6faf2
https://sourceware.org/pipermail/binutils/2021-February/115240.html
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=355e5f2ffbc0db0c6db77586d879553b72958187
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=6184480d7ce1bcd57669a62867efc68418d0de7c
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=d3edaa91d4cf7202ec14342410194841e2f67f12