Описание
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
There is an open race window when writing output in the following utilities in GNU binutils1: ar, objcopy, strip, and ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
Отчет
Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Access to the platform is granted only after successful authentication through multifactor authentication (MFA). MFA combined with least privilege and RBAC restricts access to only authorized users, processes, and roles, minimizing the number of users who would be able to access or modify sensitive and non-sensitive files. Red Hat also enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected through system compartmentalization. FIPS endpoints are enabled for all AWS GovCloud services that are used within the platform environment, ensuring that sensitive data stored on the system is encrypted or otherwise protected. Together, these controls help to prevent unauthorized access to files or the ability to manipulate the links to files.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | binutils | Out of support scope | ||
| Red Hat Enterprise Linux 7 | binutils | Out of support scope | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-10-binutils | Fix deferred | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-9-binutils | Affected | ||
| Red Hat Enterprise Linux 9 | binutils | Affected | ||
| Red Hat Enterprise Linux 8 | binutils | Fixed | RHSA-2021:4364 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | binutils | Fixed | RHSA-2021:4364 | 09.11.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.2 Medium
CVSS3
Связанные уязвимости
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
There is an open race window when writing output in the following util ...
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
EPSS
4.2 Medium
CVSS3