Vulnerability CVE-2021-20197

Vulnerability Name:

CVE-2021-20197 (CCN-198863)

Assigned:

2020-12-17

Published:

2021-01-07

Updated:

2023-02-12

Summary:

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

CVSS v3 Severity:

6.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)
5.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

4.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N)
3.7 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

4.2 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N)
3.7 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

3.3 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

2.4 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-59

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2021-20197

Source: CCN
Type: Red Hat Bugzilla - Bug 1913743
(CVE-2021-20197) - CVE-2021-20197 binutils: race window allows users to own arbitrary files

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
gnu-cve202120197-sec-bypass(198863)

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: binutils GIT Repository
Reinstate various pieces backed out from smart_rename changes

Source: CCN
Type: IBM Security Bulletin 6479365 (Netezza Platform Software)
Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software

Source: CCN
Type: IBM Security Bulletin 6560126 (Sterling Connect:Direct for UNIX Certified Container)
IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-20197

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:binutils:2.35:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7991	P	binutils-devel-32bit-2.39-150100.7.40.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7451	P	binutils-2.39-150100.7.40.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7446	P	bash-4.4-150400.25.22 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7490	P	emacs-27.2-150400.3.6.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51976	P	Security update for sqlite3 (Moderate)	2022-12-28
oval:org.opensuse.security:def:804	P	Security update for postgresql-jdbc (Important)	2022-10-06
oval:org.opensuse.security:def:95430	P	Security update for gimp (Moderate)	2022-08-01
oval:org.opensuse.security:def:3705	P	Security update for the Linux Kernel (Important)	2022-07-21
oval:org.opensuse.security:def:3366	P	socat-1.7.2.4-3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3522	P	hardlink-1.0-6.38 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94634	P	libekmfweb1-2.19.0-150400.5.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94926	P	libXinerama1-32bit-1.1.3-1.22 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94508	P	binutils-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2878	P	binutils-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94996	P	binutils-devel-32bit-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:102143	P	Security update for python-paramiko (Moderate)	2022-04-28
oval:org.opensuse.security:def:4585	P	Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important)	2022-04-25
oval:org.opensuse.security:def:99758	P	(Important)	2022-03-08
oval:org.opensuse.security:def:100069	P	(Important)	2022-01-25
oval:org.opensuse.security:def:112006	P	binutils-2.37-1.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:101639	P	Security update for libsndfile (Important)	2022-01-11
oval:org.opensuse.security:def:99165	P	(Important)	2021-12-06
oval:org.opensuse.security:def:4517	P	Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP5) (Important)	2021-11-17
oval:org.opensuse.security:def:111132	P	Security update for binutils (Moderate)	2021-11-15
oval:com.redhat.rhsa:def:20214364	P	RHSA-2021:4364: binutils security update (Moderate)	2021-11-09
oval:org.opensuse.security:def:93428	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:109250	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:76376	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:95871	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:106050	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:9809	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92215	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99692	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:5882	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:67308	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:118335	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:94195	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:108013	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:74674	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:101535	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:8859	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:69949	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:65606	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93584	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:1134	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:106249	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:10360	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92410	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:100011	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:6219	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:68535	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:94406	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:93110	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:108305	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:74742	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:101812	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:105660	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:9054	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:70500	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:102584	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:65674	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99360	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:117527	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93769	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:1489	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:106448	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:73733	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92609	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:100347	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:68579	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:101347	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:64611	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93270	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:108809	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:76039	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:102069	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:105855	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:9610	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92020	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99157	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:66971	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99559	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:117819	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93983	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:106735	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:73916	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92808	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:100676	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:111775	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:69750	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:64794	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:98970	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:31296	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:57522	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:86163	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:33734	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:59815	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:88528	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:29441	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:55966	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:84230	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:5145	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:31699	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:58035	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:86676	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:23698	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:51686	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:82648	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:125621	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:33992	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:60406	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:89212	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:30143	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:56086	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:84688	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:32212	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:58859	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:87500	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:23988	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:83350	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:126788	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:34583	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:89470	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:30263	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:57119	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:85760	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:33036	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:59557	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:88211	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:26158	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:55264	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:83470	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:127185	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:105564	P	binutils-2.37-1.3 on GA media (Moderate)	2021-10-01

BACK