cbcvebase.
CVE-2020-24332
published 2020-08-13

CVE-2020-24332: An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to…

PriorityP422medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
EPSS
0.55%
42.0th percentile
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.

Affected

8 ranges
VendorProductVersion rangeFixed in
debiantrousers< trousers 0.3.15-0.1 (bookworm)trousers 0.3.15-0.1 (bookworm)
fedoraprojectfedora
msrccbl2_trousers_0.3.14-7_on_cbl_mariner_2.0
msrccm1_trousers_0.3.14-7_on_cbl_mariner_1.0
trousers_projecttrousers>= 0 < 0.3.15-0.10.3.15-0.1
trousers_projecttrousers>= 0 < 0.3.15-0.10.3.15-0.1
trousers_projecttrousers>= 0 < 0.3.15-0.10.3.15-0.1
trustedcomputinggrouptrousers<= 0.3.14

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvdv2.04.9MEDIUMAV:L/AC:L/Au:N/C:N/I:N/A:C
osv5.5MEDIUM
vendor_debian5.5LOW
vendor_msrc5.5MEDIUM
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.