An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2020/08/14/1 | Exploit Mailing List Third Party Advisory |
https://bugzilla.suse.com/show_bug.cgi?id=1164472 | Exploit Issue Tracking Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD/ | |
https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch | Mailing List Patch Third Party Advisory |
https://sourceforge.net/p/trousers/mailman/message/37015817/ | Exploit Mailing List Mitigation Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-08-13T16:18:52
Updated: 2020-11-05T03:06:11
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-24332
JSON object: View
NVD Information
Status : Modified
Published: 2020-08-13T17:15:13.580
Modified: 2023-11-07T03:19:52.240
Link: CVE-2020-24332
JSON object: View
Redhat Information
No data.
CWE