PT-2020-15683 · Trousers+6
Matthias Gerstner · Published 2020-08-13 · Updated 2024-08-24 · CVE-2020-24331
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TrouSerS versions prior to 0.3.14
Description
When the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file, which contains various settings related to the daemon.
Recommendations
For versions prior to 0.3.14, consider restricting access to the /etc/tcsd.conf file to prevent unauthorized modifications. As a temporary workaround, consider running the tcsd daemon with reduced privileges to minimize the risk of exploitation.
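One way to check the condition described above, as an added example that is not part of the advisory or the TrouSerS project: it decides from a file's owner, group and mode whether a service account can modify it. The function names are hypothetical, `audit_conf` assumes GNU `stat` and `id`, and POSIX ACLs are not evaluated.

```shell
#!/bin/sh
# Added example (not from the advisory or the TrouSerS project).
# Function names are hypothetical. POSIX ACLs are not evaluated.

# can_modify OWNER GROUP MODE ACCOUNT "ACCOUNT_GROUPS"
# Returns 0 when ACCOUNT is able to change the file's contents.
can_modify() {
    f_owner=$1; f_group=$2; f_mode=$((0$3)); acct=$4; acct_groups=$5
    # The owner can always chmod the file back to writable, so
    # ownership counts as control whatever the current mode is.
    if [ "$f_owner" = "$acct" ]; then
        return 0
    fi
    # A non-owner in the file's group is governed by the group bits.
    case " $acct_groups " in
        *" $f_group "*)
            [ $(( $f_mode & 0020 )) -ne 0 ]
            return ;;
    esac
    # Everyone else falls under the "other" bits.
    [ $(( $f_mode & 0002 )) -ne 0 ]
}

# audit_conf PATH ACCOUNT
# Prints a finding and returns 1 if ACCOUNT can modify PATH,
# returns 2 if the file or the account cannot be looked up.
# Assumes GNU stat (-c) and id (-Gn).
audit_conf() {
    meta=$(stat -c '%U %G %a' "$1") || return 2
    grps=$(id -Gn "$2") || return 2
    # Split "owner group mode" into $3 $4 $5.
    set -- "$1" "$2" $meta
    if can_modify "$3" "$4" "$5" "$2" "$grps"; then
        echo "FINDING: $2 can modify $1 (owner=$3 group=$4 mode=$5)"
        return 1
    fi
    echo "OK: $2 cannot modify $1 (owner=$3 group=$4 mode=$5)"
}

# Usage: sh check.sh /etc/tcsd.conf tss
if [ "$#" -eq 2 ]; then
    audit_conf "$1" "$2"
fi
```

A file owned by the account is reported even at mode 400, because the owner can restore write permission at will.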
Weakness Enumeration
Improper Privilege Management
Affected Products
Alt Linux
Almalinux
Centos
Debian
Red Hat
Rocky Linux
Trousers