74 matches found
MiracleLinux 8 : trousers-0.3.15-1.el8 (AXSA:2021-1817:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1817:01 advisory. trousers: tss user still has read and write access to the /etc/tcsd.conf file if tcsd is started as root CVE-2020-24331 trousers: tss user can be us...
EUVD-2020-17064
Malware in sbrugna...
EUVD-2020-17065
Malware in sbrugna...
RHEL 7 : trousers (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - trousers: tss user still has read and write access to the /etc/tcsd.conf file if tcsd is started as root...
Rocky Linux 8 : trousers (RLSA-2021:1627)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1627 advisory. - An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop th...
SUSE CVE-2020-24331
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file which contains various settings related to this daemon...
SUSE CVE-2020-24332
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack...
SUSE SLES15 Security Update : trousers (SUSE-SU-2022:2798-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2798-1 advisory. - An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fail...
NewStart CGSL MAIN 6.02 : trousers Multiple Vulnerabilities (NS-SA-2022-0066)
The remote NewStart CGSL host, running version MAIN 6.02, has trousers packages installed that are affected by multiple vulnerabilities: - An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root g...
AlmaLinux 8 : trousers (ALSA-2021:1627)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1627 advisory. - An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the...
Mageia: Security Advisory (MGASA-2021-0297)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for trousers (EulerOS-SA-2021-2171)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.2.2 : trousers (EulerOS-SA-2021-2171)
According to the versions of the trousers package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss use...
Advisory ROSA-SA-2021-1989
Software: trousers 0.3.14 OS: Cobalt 7.9 CVE-ID: CVE-2020-24330 CVE-Crit: HIGH CVE-DESC: A problem was discovered in TrouSerS before 0.3.14. If the tcsd daemon is running with root privileges and not the tss user, it will not be able to reset the root gid privilege when it is no longer needed...
Updated trousers packages fix security vulnerabilities
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed CVE-2020-24330. An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with...
MGASA-2021-0297 Updated trousers packages fix security vulnerabilities
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed CVE-2020-24330. An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with...
Privilege Escalation
trousers is vulnerable to privilege escalation. The vulnerability exists because the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed which allows an attacker to gain privilege and perform unwanted actions...
RHEL 8 : trousers (RHSA-2021:1627)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1627 advisory. TrouSerS is an implementation of the Trusted Computing Group's Software Stack TSS specification. TrouSerS enables the user to write...
trousers: tss user can be used to create or corrupt existing files, this could lead to DoS
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack...
trousers: fails to drop the root gid privilege when no longer needed
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed...