Veracode Vulnerability DatabaseVERACODE:30596Privilege Escalation
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
trousers is vulnerable to privilege escalation. The vulnerability exists because the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed which allows an attacker to gain privilege and perform unwanted actions.
References
www.openwall.com/lists/oss-security/2020/08/14/1
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/
access.redhat.com/errata/RHSA-2021:1627
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1870054
bugzilla.suse.com/show_bug.cgi?id=1164472
lists.fedoraproject.org/archives/list/[email protected]/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD/
seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch
sourceforge.net/p/trousers/mailman/message/37015817/
www.openwall.com/lists/oss-security/2020/08/14/1
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C