CVE-2021-20197 - log back

CVE-2021-20197 edited at 27 Mar 2021 11:25:46
Description
- There is an open race window when writing output in the following utilities in GNU binutils: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. The issue was fixed in binutils version 2.36, but subsequently the fix was partly reverted in version 2.36.1 because it was causing issues with the file archiver "ar".
+ There is an open race window when writing output in the following utilities in GNU binutils: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. The issue was fixed in binutils version 2.36, but subsequently the fix was partly reverted in version 2.36.1 because it was causing issues with the file archiver "ar". The full fix is queued to be included in version 2.36.2.
References
https://sourceware.org/bugzilla/show_bug.cgi?id=26945
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=365f5fb6d0f0da83817431a275e99e6f6babbe04
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=014cc7f849e8209623fc99264814bce7b3b6faf2
https://sourceware.org/pipermail/binutils/2021-February/115240.html
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=355e5f2ffbc0db0c6db77586d879553b72958187
+ https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=6184480d7ce1bcd57669a62867efc68418d0de7c
+ https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=d3edaa91d4cf7202ec14342410194841e2f67f12
CVE-2021-20197 edited at 06 Feb 2021 13:45:24
Description
- There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. The issue is fixed in binutils version 2.36.
+ There is an open race window when writing output in the following utilities in GNU binutils: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. The issue was fixed in binutils version 2.36, but subsequently the fix was partly reverted in version 2.36.1 because it was causing issues with the file archiver "ar".
References
https://sourceware.org/bugzilla/show_bug.cgi?id=26945
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=365f5fb6d0f0da83817431a275e99e6f6babbe04
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=014cc7f849e8209623fc99264814bce7b3b6faf2
+ https://sourceware.org/pipermail/binutils/2021-February/115240.html
+ https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=355e5f2ffbc0db0c6db77586d879553b72958187
CVE-2021-20197 edited at 04 Feb 2021 09:08:06
Description
- There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
+ There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. The issue is fixed in binutils version 2.36.
References
https://sourceware.org/bugzilla/show_bug.cgi?id=26945
+ https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=365f5fb6d0f0da83817431a275e99e6f6babbe04
+ https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=014cc7f849e8209623fc99264814bce7b3b6faf2
- https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8
- https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=365f5fb6d0f0da83817431a275e99e6f6babbe04
CVE-2021-20197 edited at 27 Jan 2021 08:55:31
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary filesystem access
Description
+ There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
References
+ https://sourceware.org/bugzilla/show_bug.cgi?id=26945
+ https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=014cc7f849e8209623fc99264814bce7b3b6faf2
+ https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8
+ https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=365f5fb6d0f0da83817431a275e99e6f6babbe04
Notes
CVE-2021-20197 created at 27 Jan 2021 08:52:15