Home

CVE-2020-24330

Description

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.19

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2021:1627) trousers security, bug fix, and enhancement update trousers-0.3.15-1.el8.x86_64.rpmLinux
(RHSA-2021:1627) trousers security, bug fix, and enhancement update trousers-debugsource-0.3.15-1.el8.i686.rpmLinux
(RHSA-2021:1627) trousers security, bug fix, and enhancement update trousers-debugsource-0.3.15-1.el8.x86_64.rpmLinux
(RHSA-2021:1627) trousers security, bug fix, and enhancement update trousers-lib-0.3.15-1.el8.i686.rpmLinux
(RHSA-2021:1627) trousers security, bug fix, and enhancement update trousers-lib-0.3.15-1.el8.x86_64.rpmLinux
(RHSA-2021:1627)Moderate: security, bug fix, and enhancement update trousers-debuginfo-0.3.15-1.el8.i686.rpmLinux
(RHSA-2021:1627)Moderate: security, bug fix, and enhancement update trousers-debuginfo-0.3.15-1.el8.x86_64.rpmLinux
(RHSA-2021:1627)Moderate: security, bug fix, and enhancement update trousers-lib-debuginfo-0.3.15-1.el8.i686.rpmLinux
(RHSA-2021:1627)Moderate: security, bug fix, and enhancement update trousers-lib-debuginfo-0.3.15-1.el8.x86_64.rpmLinux
trousers security, bug fix, and enhancement update (RLSA-2021:1627) trousers-0.3.15-1.el8.x86_64.rpmLinux
trousers security, bug fix, and enhancement update (RLSA-2021:1627) trousers-lib-0.3.15-1.el8.i686.rpmLinux
trousers security, bug fix, and enhancement update (RLSA-2021:1627) trousers-lib-0.3.15-1.el8.x86_64.rpmLinux
Trousers update (ELSA-2021-1627) trousers-0.3.15-1.el8.x86_64.rpmLinux
Trousers-lib update (ELSA-2021-1627) trousers-lib-0.3.15-1.el8.i686.rpmLinux
Trousers-lib update (ELSA-2021-1627) trousers-lib-0.3.15-1.el8.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234