Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-24330

Date: August 13, 2020

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.

Language: C

Severity Score

Related Resources (11)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD/
https://security-tracker.debian.org/tracker/CVE-2020-24330
http://www.openwall.com/lists/oss-security/2020/08/14/1
https://access.redhat.com/security/cve/CVE-2020-24330
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD/
https://sourceforge.net/p/trousers/mailman/message/37015817/
https://bugzilla.suse.com/show_bug.cgi?id=1164472
https://nvd.nist.gov/vuln/detail/CVE-2020-24330
https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch
https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24330
https://www.mend.io/vulnerability-database/CVE-2020-24330

Severity Score

Weakness Type (CWE)

Improper Privilege Management

CWE-269

Incorrect Permission Assignment for Critical Resource

CWE-732

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us