CVE-2020-24330

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-24330
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24330.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-24330
Related
Published
2020-08-13T17:15:13Z
Modified
2024-06-30T13:11:04.820161Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.

References

Affected packages

Debian:11 / trousers

Package

Name
trousers
Purl
pkg:deb/debian/trousers?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.3.14+fixed1-1.2
0.3.15-0.1
0.3.15-0.2
0.3.15-0.3
0.3.15-0.4

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / trousers

Package

Name
trousers
Purl
pkg:deb/debian/trousers?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.3.15-0.1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / trousers

Package

Name
trousers
Purl
pkg:deb/debian/trousers?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.3.15-0.1

Ecosystem specific

{
    "urgency": "unimportant"
}