Vulnerability Name:

CVE-2020-24332 (CCN-186764)

Assigned:2020-06-08
Published:2020-06-08
Updated:2022-11-18
Summary:An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): 
Attack Complexity (AC): 
Privileges Required (PR): 
User Interaction (UI): 
Scope:Scope (S): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
7.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
6.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): 
Attack Complexity (AC): 
Privileges Required (PR): 
User Interaction (UI): 
Scope:Scope (S): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
5.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.9 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): 
Attack Complexity (AC): 
Privileges Required (PR): 
User Interaction (UI): 
Scope:Scope (S): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-59
CWE-22
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-24332

Source: MLIST
Type: Exploit, Mailing List, Third Party Advisory
[oss-security] 20200814 Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon

Source: CCN
Type: Bugzilla - Bug 1164472
VUL-0: trousers: TrouSerS tcsd privilege escalation tss to root user

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1164472

Source: XF
Type: UNKNOWN
trousers-cve202024332-dos(186764)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-ab3dace708

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch

Source: MISC
Type: Exploit, Mailing List, Mitigation, Third Party Advisory
https://sourceforge.net/p/trousers/mailman/message/37015817/

Source: CCN
Type: SourceForge TrouSerS Project Web site
TrouSerS

Vulnerable Configuration:Configuration 1:
  • cpe:/a:trustedcomputinggroup:trousers:*:*:*:*:*:*:*:* (Version <= 0.3.14)

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2020-24332 (CCN-186821)

    Assigned:2020-02-20
    Published:2020-02-20
    Updated:2020-02-20
    Summary:An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.
    CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
    4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
    Exploitability Metrics:Attack Vector (AV): 
    Attack Complexity (AC): 
    Privileges Required (PR): 
    User Interaction (UI): 
    Scope:Scope (S): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
    7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)
    Exploitability Metrics:Attack Vector (AV): 
    Attack Complexity (AC): 
    Privileges Required (PR): 
    User Interaction (UI): 
    Scope:Scope (S): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    5.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
    4.9 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
    Exploitability Metrics:Attack Vector (AV): 
    Attack Complexity (AC): 
    Privileges Required (PR): 
    User Interaction (UI): 
    Scope:Scope (S): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Complete
    9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): Single_Instance
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    Vulnerability Type:CWE-59
    CWE-22
    Vulnerability Consequences:Gain Privileges
    References:Source: MITRE
    Type: CNA
    CVE-2020-24332

    Source: CCN
    Type: Bugzilla - Bug 1164472
    Bug 1164472 - (CVE-2020-24330) VUL-0: CVE-2020-24330: trousers: TrouSerS tcsd privilege escalation tss to root user

    Source: XF
    Type: UNKNOWN
    trousers-cve202024332-priv-esc(186821)

    Source: CCN
    Type: TrouSerS Web site
    TrouSerS

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7684
    P
    		libtspi1-0.3.15-150400.1.10 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:3092
    P
    		gstreamer-1.8.3-9.5 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94722
    P
    		libtspi1-0.3.15-150400.1.10 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:373
    P
    		trousers-0.3.15-150400.1.10 on GA media (Moderate)
    2022-06-10
    oval:org.opensuse.security:def:112880
    P
    		libtspi1-0.3.15-1.7 on GA media (Moderate)
    2022-01-17
    oval:com.redhat.rhsa:def:20211627
    P
    		RHSA-2021:1627: trousers security, bug fix, and enhancement update (Moderate)
    2021-05-18
    BACK
    trustedcomputinggroup trousers *
    fedoraproject fedora 33