
CVE-2020-24330 – trousers: fails to drop the root gid privilege when no longer needed
https://notcve.org/view.php?id=CVE-2020-24330
13 Aug 2020 — An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed. Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Ad... • http://www.openwall.com/lists/oss-security/2020/08/14/1 • CWE-269: Improper Privilege Management • CWE-271: Privilege Dropping / Lowering Errors

CVE-2020-24331 – trousers: tss user still has read and write access to the /etc/tcsd.conf file if tcsd is started as root
https://notcve.org/view.php?id=CVE-2020-24331
13 Aug 2020 — An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon). Red Hat Advanced ... • http://www.openwall.com/lists/oss-security/2020/08/14/1 • CWE-269: Improper Privilege Management