An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Trousers | Trustedcomputinggroup | * | 0.3.14 (including) |
Red Hat Enterprise Linux 8 | RedHat | trousers-0:0.3.15-1.el8 | * |
Trousers | Ubuntu | bionic | * |
Trousers | Ubuntu | groovy | * |
Trousers | Ubuntu | hirsute | * |
Trousers | Ubuntu | impish | * |
Trousers | Ubuntu | kinetic | * |
Trousers | Ubuntu | trusty | * |
Trousers | Ubuntu | xenial | * |
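
The link-following weakness described above, shown as an added C example (not TrouSerS code): an open that follows a planted symlink beside a hardened open that refuses it. The function names and the scratch directory under /tmp are assumptions made for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: follows a symlink at `path`, so a root daemon truncates the link target. */
static int open_store_weak(const char *path) {
    return open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: refuse a link in the final path component, then validate the
 * opened object through the descriptor instead of a second path lookup. */
static int open_store_safe(const char *path) {
    struct stat st;
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0 && errno == EEXIST)   /* exists: open it, never create through it */
        fd = open(path, O_RDWR | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;           /* ELOOP on Linux means it was a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);                   /* FIFO, device node or hard link */
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: system.data is a symlink to a 4-byte victim file.
 * Returns the victim's size after the open attempt (4 = intact, 0 = truncated). */
static long victim_size_after_open(int use_safe) {
    char dir[] = "/tmp/storedemoXXXXXX", victim[64], store[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(store, sizeof store, "%s/system.data", dir);
    int v = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (v < 0 || write(v, "keep", 4) != 4 || close(v) != 0) return -1;
    if (symlink(victim, store) != 0) return -1;
    int fd = use_safe ? open_store_safe(store) : open_store_weak(store);
    if (fd >= 0) close(fd);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(store); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("weak: %ld, safe: %ld\n", victim_size_after_open(0), victim_size_after_open(1));
}
```

`O_NOFOLLOW` only covers the last path component, so the parent directories must not be writable by the less-privileged user, or the file should be opened relative to a trusted directory descriptor with `openat()`.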