NewStart CGSL MAIN 6.02 : trousers Multiple Vulnerabilities (NS-SA-2022-0066)

The remote NewStart CGSL host, running version MAIN 6.02, has trousers packages installed that are affected by multiple vulnerabilities: - An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root g...

Denial Of Service (DoS)

trousers is vulnerable to denial of service. The vulnerability exists when daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks which allows the tss user to create or corrupt existing files, which could possibly lead to a DoS attack...

CVE-2020-24332

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack...

CVE-2020-24332

CVE-2020-24332 affects TrouSerS up to version 0.3.14. When tcsd runs with root privileges, creating the system.data file is prone to symlink attacks, allowing the tss user to create or corrupt files and potentially cause a DoS. A fix is available in trousers 0.3.15 (and advisories note the issues...

security/trousers -- several vulnerabilities

the TrouSerS project reports reports: If the tcsd daemon is started with root privileges, it fails to drop the root gid after it is no longer needed. If the tcsd daemon is started with root privileges, the tss user has read and write access to the /etc/tcsd.conf file. If the tcsd daemon is starte...