CVE-2020-24332 – trousers: tss user can be used to create or corrupt existing files, this could lead to DoS
https://notcve.org/view.php?id=CVE-2020-24332
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. Se detectó un problema en TrouSerS versiones hasta 0.3.14. Si el demonio tcsd es iniciado con privilegios root, la creación del archivo system.data es propensa a ataques de tipo symlink. • http://www.openwall.com/lists/oss-security/2020/08/14/1 https://bugzilla.suse.com/show_bug.cgi?id=1164472 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch https://sourceforge.net/p/trousers/mailman/message/37015817 https://access.redhat.com/security/cve/CVE-2020-24332 https://bugzilla.redhat.com/show_bug.cgi?id=1870052 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2012-0698 – TrouSerS - Denial of Service
https://notcve.org/view.php?id=CVE-2012-0698
tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003. tcsd en TrouSerS antes de v0.3.10 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un valor type_offset modificado en un paquete TCP al puerto 30003. A flaw was found in the way tcsd, the daemon that manages Trusted Computing resources, processed incoming TCP packets. A remote attacker could send a specially crafted TCP packet that, when processed by tcsd, could cause the daemon to crash. Note that by default tcsd accepts requests on localhost only. • https://www.exploit-db.com/exploits/22904 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692649 http://packetstormsecurity.com/files/118281/TrouSerS-Denial-Of-Service.html http://secunia.com/advisories/51295 http://sourceforge.net/tracker/index.php?func=detail&aid=3473554&group_id=126012&atid=704358 http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers%3Ba=commit%3Bh=50dd06a6f639b76b3bb629606ef71b2dc5407601 http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers%3Ba=commit%3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •