Bug 1202434 (CVE-2022-24950) - VUL-0: CVE-2022-24950: EternalTerminal: race condition allows authenticated attacker to hijack other users' SSH authorization socket
Summary: VUL-0: CVE-2022-24950: EternalTerminal: race condition allows authenticated a...
Status: IN_PROGRESS
Alias: CVE-2022-24950
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 15.5
Hardware: Other Other
: P3 - Medium : Minor (vote)
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/339930/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-16 12:20 UTC by Robert Frohl
Modified: 2022-11-02 17:28 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2022-08-16 12:20:16 UTC 
CVE-2022-24950

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows
an authenticated attacker to hijack other users' SSH authorization socket,
enabling the attacker to login to other systems as the targeted users. The bug
is in UserTerminalRouter::getInfoForId().

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24950
https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-85gw-pchc-4rf3
Comment 1 Robert Frohl 2022-08-16 12:20:48 UTC 
already fixed in openSUSE:Factory but open for openSUSE:Backports:SLE-15-SP*
Comment 2 Michael Vetter 2022-08-18 06:30:29 UTC 
I think a version upgrade would make sense here.

SR#SR#997668 to Factory to include CVE/bugnumbers and adding the switch to choose gcc for Leap versions

Update to 6.2.1:
openSUSE_Backports_SLE-15-SP3_Update SR#997669                              
openSUSE_Backports_SLE-15-SP4_Update SR#997670
Comment 3 OBSbugzilla Bot 2022-08-18 08:40:17 UTC 
This is an autogenerated message for OBS integration:
This bug (1202434) was mentioned in
https://build.opensuse.org/request/show/997668 Factory / EternalTerminal
https://build.opensuse.org/request/show/997669 Backports:SLE-15-SP3 / EternalTerminal
https://build.opensuse.org/request/show/997670 Backports:SLE-15-SP4 / EternalTerminal
Comment 4 Swamp Workflow Management 2022-11-02 17:24:28 UTC 
openSUSE-SU-2022:10187-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1202432,1202433,1202434,1202435
CVE References: CVE-2022-24949,CVE-2022-24950,CVE-2022-24951,CVE-2022-24952
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    EternalTerminal-6.2.1-bp153.2.3.1
Comment 5 Swamp Workflow Management 2022-11-02 17:28:59 UTC 
openSUSE-SU-2022:10185-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1202432,1202433,1202434,1202435
CVE References: CVE-2022-24949,CVE-2022-24950,CVE-2022-24951,CVE-2022-24952
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP4 (src):    EternalTerminal-6.2.1-bp154.2.3.1