PT-2020-15684 · Trousers+6

Matthias Gerstner · Published 2020-08-13 · Updated 2024-12-17 · CVE-2020-24332

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TrouSerS versions prior to 0.3.14

Description

An issue was discovered where the creation of the system.data file is prone to symlink attacks if the tcsd daemon is started with root privileges. This could allow the tss user to create or corrupt existing files, potentially leading to a denial of service attack.

Recommendations

For versions prior to 0.3.14, consider running the tcsd daemon with reduced privileges to minimize the risk of exploitation. As a temporary workaround, restrict the tss user's access to sensitive files and directories until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Link Following

Weakness Enumeration

Related Identifiers

ALSA-2021:1627
ALT-PU-2021-1148
ALT-PU-2021-1350
ALT-PU-2024-11154
AZL-6927
CESA-2021_1627
CVE-2020-24332
MGASA-2021-0297
OPENSUSE-SU-2024:11476-1
RHSA-2021:1627
RHSA-2021_1627
RLSA-2021:1627
ROSA-SA-2024-2543

Affected Products

Alt Linux
Almalinux
Centos
Debian
Red Hat
Rocky Linux
Trousers