rpm package
opensuse/trousers&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/trousers&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-24332 | — | < 0.3.15-1.7 | 0.3.15-1.7 | Aug 13, 2020 | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. | ||
| CVE-2019-18898 | — | < 0.3.15-1.7 | 0.3.15-1.7 | Jan 23, 2020 | UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior |
- CVE-2020-24332Aug 13, 2020affected < 0.3.15-1.7fixed 0.3.15-1.7
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.
- CVE-2019-18898Jan 23, 2020affected < 0.3.15-1.7fixed 0.3.15-1.7
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior