CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Percentile: 24.1%

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is
started with root privileges, the creation of the system.data file is prone
to symlink attacks. The tss user can be used to create or corrupt existing
files, which could possibly lead to a DoS attack.
Author | Note |
---|---|
mdeslaur | the Debian/Ubuntu package starts tcsd as the tss user, not as root, so this issue doesn’t affect default configurations |
www.openwall.com/lists/oss-security/2020/08/14/1
launchpad.net/bugs/cve/CVE-2020-24332
nvd.nist.gov/vuln/detail/CVE-2020-24332
seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch
security-tracker.debian.org/tracker/CVE-2020-24332
sourceforge.net/p/trousers/mailman/message/37015817/
www.cve.org/CVERecord?id=CVE-2020-24332