Candidate: CVE-2021-20197
PublicDate: 2021-03-26 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20197
Description:
 There is an open race window when writing output in the following
 utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip,
 ranlib. When these utilities are run as a privileged user (presumably as
 part of a script updating binaries across different users), an
 unprivileged user can trick these utilities into getting ownership of
 arbitrary files through a symlink.
Ubuntu-Description:
Notes:
 mdeslaur> commits below are from 2.36 branch. At some point, commits were
 mdeslaur> reverted and then reinstated later on. The list below doesn't
 mdeslaur> include the added and reverted commits.
 mdeslaur>
 mdeslaur> These changes are quite intrusive to backport, are
 mdeslaur> regression-prone and may introduce regressions in other
 mdeslaur> packages. For this reason we will not be fixing this issue in
 mdeslaur> stable releases.
Mitigation:
Bugs:
 https://sourceware.org/bugzilla/show_bug.cgi?id=26945
 https://sourceware.org/bugzilla/show_bug.cgi?id=27270 (regression)
 https://sourceware.org/bugzilla/show_bug.cgi?id=27284 (regression)
 https://sourceware.org/bugzilla/show_bug.cgi?id=27456 (regression)
 https://bugzilla.redhat.com/show_bug.cgi?id=1951278#c3 (regression)
Priority: low
Discovered-by: Rich Felker
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N [6.3 MEDIUM]

Patches_binutils:
 upstream: https://sourceware.org/git?p=binutils-gdb.git;a=commit;h=365f5fb6d0f0da83817431a275e99e6f6babbe04
 upstream: https://sourceware.org/git?p=binutils-gdb.git;a=commit;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8
 upstream: https://sourceware.org/git?p=binutils-gdb.git;a=commit;h=8e03235147a9e774d3ba084e93c2da1aa94d1cec
 upstream: https://sourceware.org/git?p=binutils-gdb.git;a=commit;h=d3edaa91d4cf7202ec14342410194841e2f67f12
 upstream: https://sourceware.org/git?p=binutils-gdb.git;a=commit;h=8b69e61d4be276bb862698aaafddc3e779d23c8f
 upstream: https://sourceware.org/git?p=binutils-gdb.git;a=commit;h=08bdb5f4f98b6a5e1a9bdc89e7d1889933859caf
 upstream: https://sourceware.org/git?p=binutils-gdb.git;a=commit;h=1aad0a424af288cbd7f70ad5f932664a1abd5a79
 upstream: https://sourceware.org/git?p=binutils-gdb.git;a=commit;h=e4454ee18960b092ba10e43100d43fef12f65b26
upstream_binutils: released (2.36.1)
precise/esm_binutils: ignored (end of ESM support, was needs-triage)
trusty_binutils: ignored (out of standard support)
trusty/esm_binutils: ignored
xenial_binutils: ignored (end of standard support, was needs-triage)
esm-infra/xenial_binutils: ignored
bionic_binutils: ignored
focal_binutils: ignored
groovy_binutils: ignored (reached end-of-life)
hirsute_binutils: not-affected (2.36.1-6ubuntu1)
impish_binutils: not-affected (2.36.1-6ubuntu1)
jammy_binutils: not-affected (2.36.1-6ubuntu1)
devel_binutils: not-affected (2.36.1-6ubuntu1)