CVE-2021-20197 There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar objcopy strip ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users) an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
ATT&CK techniques detected
T1222.001Windows Permissions
42%
“cve - 2021 - 20197 there is an open race window when writing output in the following utilities in gnu binutils version 2. 35 and earlier : ar objcopy strip ranlib. when these utilities are run as a privileged user ( presumably as part of a script updating binaries across differen…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Information published.