{"api_version":"1","generated_at":"2026-04-23T14:43:45+00:00","cve":"CVE-2020-24330","urls":{"html":"https://cve.report/CVE-2020-24330","api":"https://cve.report/api/cve/CVE-2020-24330.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-24330","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-24330"},"summary":{"title":"CVE-2020-24330","description":"An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-08-13 17:15:00","updated_at":"2023-11-07 03:19:00"},"problem_types":["CWE-269"],"metrics":[],"references":[{"url":"https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch","name":"https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch","refsource":"MISC","tags":["Mailing List","Patch","Third Party Advisory"],"title":"","mime":"text/x-diff","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD/","name":"FEDORA-2020-ab3dace708","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: trousers-0.3.14-4.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1164472","name":"https://bugzilla.suse.com/show_bug.cgi?id=1164472","refsource":"MISC","tags":["Exploit","Issue Tracking","Third Party Advisory"],"title":"Bug 1164472 – VUL-0: CVE-2020-24330: trousers: TrouSerS tcsd privilege escalation tss to root user","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD/","name":"FEDORA-2020-ab3dace708","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: trousers-0.3.14-4.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://sourceforge.net/p/trousers/mailman/message/37015817/","name":"https://sourceforge.net/p/trousers/mailman/message/37015817/","refsource":"MISC","tags":["Exploit","Mailing List","Third Party Advisory"],"title":"TrouSerS / [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2\n tscd Daemon","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2020/08/14/1","name":"[oss-security] 20200814 Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon","refsource":"MLIST","tags":["Exploit","Mailing List","Third Party Advisory"],"title":"oss-security - Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2\n tscd Daemon","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-24330","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24330","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"24330","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"24330","vulnerable":"1","versionEndIncluding":"0.3.14","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trousers_project","cpe5":"trousers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-24330","qid":"159198","title":"Oracle Enterprise Linux Security Update for trousers (ELSA-2021-1627)"},{"cve":"CVE-2020-24330","qid":"239325","title":"Red Hat Update for trousers (RHSA-2021:1627)"},{"cve":"CVE-2020-24330","qid":"377420","title":"Alibaba Cloud Linux Security Update for trousers (ALINUX3-SA-2022:0091)"},{"cve":"CVE-2020-24330","qid":"690530","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for security/trousers (e37a0a7b-e1a7-11ea-9538-0c9d925bbbc0)"},{"cve":"CVE-2020-24330","qid":"752459","title":"SUSE Enterprise Linux Security Update for trousers (SUSE-SU-2022:2798-1)"},{"cve":"CVE-2020-24330","qid":"900082","title":"CBL-Mariner Linux Security Update for trousers 0.3.14"},{"cve":"CVE-2020-24330","qid":"901373","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for trousers (6925-1)"},{"cve":"CVE-2020-24330","qid":"902987","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for trousers (1986)"},{"cve":"CVE-2020-24330","qid":"940087","title":"AlmaLinux Security Update for trousers (ALSA-2021:1627)"},{"cve":"CVE-2020-24330","qid":"960195","title":"Rocky Linux Security Update for trousers (RLSA-2021:1627)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-24330","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://sourceforge.net/p/trousers/mailman/message/37015817/","refsource":"MISC","name":"https://sourceforge.net/p/trousers/mailman/message/37015817/"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1164472","refsource":"MISC","name":"https://bugzilla.suse.com/show_bug.cgi?id=1164472"},{"url":"https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch","refsource":"MISC","name":"https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch"},{"refsource":"MLIST","name":"[oss-security] 20200814 Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon","url":"http://www.openwall.com/lists/oss-security/2020/08/14/1"},{"refsource":"FEDORA","name":"FEDORA-2020-ab3dace708","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD/"}]}},"nvd":{"publishedDate":"2020-08-13 17:15:00","lastModifiedDate":"2023-11-07 03:19:00","problem_types":["CWE-269"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:trousers_project:trousers:*:*:*:*:*:*:*:*","versionEndIncluding":"0.3.14","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"24330","Ordinal":"185739","Title":"CVE-2020-24330","CVE":"CVE-2020-24330","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"24330","Ordinal":"1","NoteData":"An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"24330","Ordinal":"2","NoteData":"2020-08-13","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"24330","Ordinal":"3","NoteData":"2020-11-04","Type":"Other","Title":"Modified"}]}}}