CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 3CVE-2020-24332 – trousers: tss user can be used to create or corrupt existing files, this could lead to DoS
https://notcve.org/view.php?id=CVE-2020-24332
13 Aug 2020 — An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. Se detectó un problema en TrouSerS versiones hasta 0.3.14. Si el demonio tcsd es iniciado con privilegios root, la creación del archivo system.data es propensa a ataques de tipo symlink. • http://www.openwall.com/lists/oss-security/2020/08/14/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 27%CPEs: 14EXPL: 2CVE-2012-0698 – TrouSerS - Denial of Service
https://notcve.org/view.php?id=CVE-2012-0698
26 Nov 2012 — tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003. tcsd en TrouSerS antes de v0.3.10 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un valor type_offset modificado en un paquete TCP al puerto 30003. A flaw was found in the way tcsd, the daemon that manages Trusted Computing resources, processed incoming TCP packets. A remote attacker could send a spe... • https://www.exploit-db.com/exploits/22904 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •