Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-20197

Опубликовано: 26 мар. 2021
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 3.3
CVSS3: 6.3

Описание

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

РелизСтатусПримечание
bionic

ignored

devel

not-affected

2.36.1-6ubuntu1
esm-infra-legacy/trusty

ignored

esm-infra/bionic

ignored

esm-infra/focal

ignored

esm-infra/xenial

ignored

focal

ignored

groovy

ignored

end of life
hirsute

not-affected

2.36.1-6ubuntu1
impish

not-affected

2.36.1-6ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 41%
0.00193
Низкий

3.3 Low

CVSS2

6.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-20197

CVSS3: 4.2
redhat
почти 5 лет назад

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

nvd логотип

CVE-2021-20197

CVSS3: 6.3
nvd
больше 4 лет назад

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

msrc логотип

CVE-2021-20197

CVSS3: 6.3
msrc
больше 4 лет назад

Описание отсутствует

debian логотип

CVE-2021-20197

CVSS3: 6.3
debian
больше 4 лет назад

There is an open race window when writing output in the following util ...

github логотип

GHSA-rq67-5wpf-96wv

CVSS3: 6.3
github
больше 3 лет назад

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

EPSS

Процентиль: 41%
0.00193
Низкий

3.3 Low

CVSS2

6.3 Medium

CVSS3