{"api_version":"1","generated_at":"2026-04-23T08:51:17+00:00","cve":"CVE-2020-24332","urls":{"html":"https://cve.report/CVE-2020-24332","api":"https://cve.report/api/cve/CVE-2020-24332.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-24332","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-24332"},"summary":{"title":"CVE-2020-24332","description":"An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-08-13 17:15:00","updated_at":"2023-11-07 03:19:00"},"problem_types":["CWE-59"],"metrics":[],"references":[{"url":"https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch","name":"https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch","refsource":"MISC","tags":["Mailing List","Patch","Third Party Advisory"],"title":"","mime":"text/x-diff","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD/","name":"FEDORA-2020-ab3dace708","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: trousers-0.3.14-4.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1164472","name":"https://bugzilla.suse.com/show_bug.cgi?id=1164472","refsource":"MISC","tags":["Exploit","Issue Tracking","Third Party Advisory"],"title":"Bug 1164472 – VUL-0: CVE-2020-24330: trousers: TrouSerS tcsd privilege escalation tss to root user","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD/","name":"FEDORA-2020-ab3dace708","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: trousers-0.3.14-4.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://sourceforge.net/p/trousers/mailman/message/37015817/","name":"https://sourceforge.net/p/trousers/mailman/message/37015817/","refsource":"MISC","tags":["Exploit","Mailing List","Mitigation","Third Party Advisory"],"title":"TrouSerS / [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2\n tscd Daemon","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2020/08/14/1","name":"[oss-security] 20200814 Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon","refsource":"MLIST","tags":["Exploit","Mailing List","Third Party Advisory"],"title":"oss-security - Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2\n tscd Daemon","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-24332","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24332","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"24332","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"24332","vulnerable":"1","versionEndIncluding":"0.3.14","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trustedcomputinggroup","cpe5":"trousers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-24332","qid":"159198","title":"Oracle Enterprise Linux Security Update for trousers (ELSA-2021-1627)"},{"cve":"CVE-2020-24332","qid":"239325","title":"Red Hat Update for trousers (RHSA-2021:1627)"},{"cve":"CVE-2020-24332","qid":"377420","title":"Alibaba Cloud Linux Security Update for trousers (ALINUX3-SA-2022:0091)"},{"cve":"CVE-2020-24332","qid":"690530","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for security/trousers (e37a0a7b-e1a7-11ea-9538-0c9d925bbbc0)"},{"cve":"CVE-2020-24332","qid":"900245","title":"CBL-Mariner Linux Security Update for trousers 0.3.14"},{"cve":"CVE-2020-24332","qid":"901016","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for trousers (6927-1)"},{"cve":"CVE-2020-24332","qid":"903288","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for trousers (1817)"},{"cve":"CVE-2020-24332","qid":"906241","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for trousers (1817-1)"},{"cve":"CVE-2020-24332","qid":"906408","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for trousers (6927-2)"},{"cve":"CVE-2020-24332","qid":"940087","title":"AlmaLinux Security Update for trousers (ALSA-2021:1627)"},{"cve":"CVE-2020-24332","qid":"960195","title":"Rocky Linux Security Update for trousers (RLSA-2021:1627)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-24332","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://sourceforge.net/p/trousers/mailman/message/37015817/","refsource":"MISC","name":"https://sourceforge.net/p/trousers/mailman/message/37015817/"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1164472","refsource":"MISC","name":"https://bugzilla.suse.com/show_bug.cgi?id=1164472"},{"url":"https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch","refsource":"MISC","name":"https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch"},{"refsource":"MLIST","name":"[oss-security] 20200814 Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon","url":"http://www.openwall.com/lists/oss-security/2020/08/14/1"},{"refsource":"FEDORA","name":"FEDORA-2020-ab3dace708","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD/"}]}},"nvd":{"publishedDate":"2020-08-13 17:15:00","lastModifiedDate":"2023-11-07 03:19:00","problem_types":["CWE-59"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE","baseScore":4.9},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:trustedcomputinggroup:trousers:*:*:*:*:*:*:*:*","versionEndIncluding":"0.3.14","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"24332","Ordinal":"185741","Title":"CVE-2020-24332","CVE":"CVE-2020-24332","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"24332","Ordinal":"1","NoteData":"An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"24332","Ordinal":"2","NoteData":"2020-08-13","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"24332","Ordinal":"3","NoteData":"2020-11-04","Type":"Other","Title":"Modified"}]}}}