Home

CVE-2020-24332

Description

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.244

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2021:1627) trousers security, bug fix, and enhancement update trousers-0.3.15-1.el8.x86_64.rpmLinux
(RHSA-2021:1627) trousers security, bug fix, and enhancement update trousers-debugsource-0.3.15-1.el8.i686.rpmLinux
(RHSA-2021:1627) trousers security, bug fix, and enhancement update trousers-debugsource-0.3.15-1.el8.x86_64.rpmLinux
(RHSA-2021:1627) trousers security, bug fix, and enhancement update trousers-lib-0.3.15-1.el8.i686.rpmLinux
(RHSA-2021:1627) trousers security, bug fix, and enhancement update trousers-lib-0.3.15-1.el8.x86_64.rpmLinux
(RHSA-2021:1627)Moderate: security, bug fix, and enhancement update trousers-debuginfo-0.3.15-1.el8.i686.rpmLinux
(RHSA-2021:1627)Moderate: security, bug fix, and enhancement update trousers-debuginfo-0.3.15-1.el8.x86_64.rpmLinux
(RHSA-2021:1627)Moderate: security, bug fix, and enhancement update trousers-lib-debuginfo-0.3.15-1.el8.i686.rpmLinux
(RHSA-2021:1627)Moderate: security, bug fix, and enhancement update trousers-lib-debuginfo-0.3.15-1.el8.x86_64.rpmLinux
trousers security, bug fix, and enhancement update (RLSA-2021:1627) trousers-0.3.15-1.el8.x86_64.rpmLinux
trousers security, bug fix, and enhancement update (RLSA-2021:1627) trousers-lib-0.3.15-1.el8.i686.rpmLinux
trousers security, bug fix, and enhancement update (RLSA-2021:1627) trousers-lib-0.3.15-1.el8.x86_64.rpmLinux
Trousers update (ELSA-2021-1627) trousers-0.3.15-1.el8.x86_64.rpmLinux
Trousers-lib update (ELSA-2021-1627) trousers-lib-0.3.15-1.el8.i686.rpmLinux
Trousers-lib update (ELSA-2021-1627) trousers-lib-0.3.15-1.el8.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234