CVE-2020-24330
Published: 13 August 2020
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.
Notes
Author | Note |
---|---|
mdeslaur | the Debian/Ubuntu package starts tcsd as the tss user, not as root, so this issue doesn't affect default configurations |
Priority
Status
Package | Release | Status |
---|---|---|
trousers (Launchpad, Ubuntu, Debian) | kinetic | Ignored (end of life, was needs-triage) |
trousers | bionic | Needs triage |
trousers | groovy | Ignored (end of life) |
trousers | xenial | Needs triage |
trousers | hirsute | Ignored (end of life) |
trousers | lunar | Not vulnerable (0.3.15-0.3) |
trousers | focal | Needs triage |
trousers | impish | Ignored (end of life) |
trousers | trusty | Does not exist |
trousers | upstream | Needs triage |
trousers | jammy | Not vulnerable (0.3.15-0.2) |
trousers | mantic | Not vulnerable (0.3.15-0.3) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |