Note:
This project will be discontinued after December 13, 2021. [more]
2020-08-13
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon).
| Products | Fedora, Trousers |
| Type | Improper Privilege Management (CWE-269) |
| First patch | - None (likely due to unavailable code) |
| Patches | https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch |
| Links |
• https://sourceforge.net/p/trousers/mailman/message/37015817/
• http://www.openwall.com/lists/oss-security/2020/08/14/1 • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD/ • https://bugzilla.suse.com/show_bug.cgi?id=1164472 |