CVE-2022-24950
N/A
N/A
Summary
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jason Gauci | Eternal Terminal | unspecified < 6.2.0 | affected |
Weaknesses
- CWE-362: Race Condition (CWE-362)
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3
- https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-85gw-pchc-4rf3
- http://www.openwall.com/lists/oss-security/2023/02/16/1
References
- https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3
- https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-85gw-pchc-4rf3
- http://www.openwall.com/lists/oss-security/2023/02/16/1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.