CVE-2020-24330 – trousers: fails to drop the root gid privilege when no longer needed
https://notcve.org/view.php?id=CVE-2020-24330
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed. Se detectó un problema en TrouSerS versiones hasta 0.3.14. Si el demonio tcsd es iniciado con privilegios root en lugar de hacerlo por el usuario tss, se produce un fallo al no poder eliminar el privilegio de root gid cuando ya no es necesario • http://www.openwall.com/lists/oss-security/2020/08/14/1 https://bugzilla.suse.com/show_bug.cgi?id=1164472 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch https://sourceforge.net/p/trousers/mailman/message/37015817 https://access.redhat.com/security/cve/CVE-2020-24330 https://bugzilla.redhat.com/show_bug.cgi?id=1870054 • CWE-269: Improper Privilege Management CWE-271: Privilege Dropping / Lowering Errors •
CVE-2020-24331 – trousers: tss user still has read and write access to the /etc/tcsd.conf file if tcsd is started as root
https://notcve.org/view.php?id=CVE-2020-24331
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon). Se detectó un problema en TrouSerS versiones hasta 0.3.14. Si el demonio tcsd es iniciado con privilegios root, el usuario tss aún tiene acceso de lectura y escritura al archivo /etc/tcsd.conf (que contiene varias configuraciones relacionadas con este demonio) • http://www.openwall.com/lists/oss-security/2020/08/14/1 https://bugzilla.suse.com/show_bug.cgi?id=1164472 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch https://sourceforge.net/p/trousers/mailman/message/37015817 https://access.redhat.com/security/cve/CVE-2020-24331 https://bugzilla.redhat.com/show_bug.cgi?id=1870056 • CWE-269: Improper Privilege Management •
CVE-2020-24332 – trousers: tss user can be used to create or corrupt existing files, this could lead to DoS
https://notcve.org/view.php?id=CVE-2020-24332
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. Se detectó un problema en TrouSerS versiones hasta 0.3.14. Si el demonio tcsd es iniciado con privilegios root, la creación del archivo system.data es propensa a ataques de tipo symlink. • http://www.openwall.com/lists/oss-security/2020/08/14/1 https://bugzilla.suse.com/show_bug.cgi?id=1164472 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch https://sourceforge.net/p/trousers/mailman/message/37015817 https://access.redhat.com/security/cve/CVE-2020-24332 https://bugzilla.redhat.com/show_bug.cgi?id=1870052 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2019-18898 – trousers: Local privilege escalation from tss to root
https://notcve.org/view.php?id=CVE-2019-18898
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1. Enlace simbólico de UNIX (Symlink) Siguiendo la vulnerabilidad en el paquete trousers de SUSE Linux Enterprise Server 15 SP1; Los atacantes locales permitidos por openSUSE Factory escalan los privilegios del usuario tss al root. Este problema afecta a: SUSE Linux Enterprise Server 15 SP1 versiones de trousers anteriores a la versión 0.3.14-6.3.1. Versiones de trousers openSUSE Factory anteriores a la versión 0.3.14-7.1. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00066.html https://bugzilla.suse.com/show_bug.cgi?id=1157651 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2012-0698 – TrouSerS - Denial of Service
https://notcve.org/view.php?id=CVE-2012-0698
tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003. tcsd en TrouSerS antes de v0.3.10 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un valor type_offset modificado en un paquete TCP al puerto 30003. A flaw was found in the way tcsd, the daemon that manages Trusted Computing resources, processed incoming TCP packets. A remote attacker could send a specially crafted TCP packet that, when processed by tcsd, could cause the daemon to crash. Note that by default tcsd accepts requests on localhost only. • https://www.exploit-db.com/exploits/22904 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692649 http://packetstormsecurity.com/files/118281/TrouSerS-Denial-Of-Service.html http://secunia.com/advisories/51295 http://sourceforge.net/tracker/index.php?func=detail&aid=3473554&group_id=126012&atid=704358 http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers%3Ba=commit%3Bh=50dd06a6f639b76b3bb629606ef71b2dc5407601 http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers%3Ba=commit%3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •