Updated: 2024-11-24 03:56:24.311803
Description:
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | LOW | 3.3 |
CVSS Version 3.x | MEDIUM | 6.3 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | binutils | 2.20 | 6.3 | MEDIUM | Ignored | | 2021-12-16 15:55:57 | |
CentOS 7 ELS | binutils | 2.27 | 6.3 | MEDIUM | Ignored | | 2023-09-19 09:30:36 | |
CentOS 8.4 ELS | binutils | 2.30-93 | 6.3 | MEDIUM | Released | CLSA-2022:1645466518 | 2022-02-21 17:54:42 | |
CentOS 8.5 ELS | binutils | 2.30-108 | 6.3 | MEDIUM | Not Vulnerable | | 2022-02-15 08:39:39 | |
CloudLinux 6 ELS | binutils | 2.20 | 6.3 | MEDIUM | Ignored | | 2021-12-16 15:55:57 | |
Oracle Linux 6 ELS | binutils | 2.20 | 6.3 | MEDIUM | Ignored | | 2021-12-16 15:55:57 | |
Ubuntu 16.04 ELS | binutils | 2.26 | 6.3 | MEDIUM | Ignored | | 2021-12-09 07:57:03 | |
Ubuntu 18.04 ELS | binutils | 2.30-21 | 6.3 | MEDIUM | Ignored | | 2023-03-02 04:04:23 | |