Adi-Ajit

#9702of 53,630
28.5Total CVSS
Vulnerabilities · 4
Medium
1
High
3
PT-2022-17005
7.5
2022-08-16
Unknown · Eternal Terminal · CVE-2022-24949
**Name of the Vulnerable Software and Affected Versions** Eternal Terminal versions prior to 6.2.0 **Description** A privilege escalation to root exists due to the combination of a race condition, buffer overflow, and logic bug all in `PipeSocketHandler::listen()`. **Recommendations** For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `PipeSocketHandler::listen()` function until a patch is available.
PT-2022-17007
7.5
2022-08-16
Unknown · Eternal Terminal · CVE-2022-24950
**Name of the Vulnerable Software and Affected Versions** Eternal Terminal versions prior to 6.2.0 **Description** A race condition exists in the software that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in the `getInfoForId()` function of `UserTerminalRouter`. **Recommendations** For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `UserTerminalRouter::getInfoForId()` function until a patch is available.
PT-2022-17008
7.0
2022-08-16
Unknown · Eternal Terminal · CVE-2022-24951
**Name of the Vulnerable Software and Affected Versions** Eternal Terminal versions prior to 6.2.0 **Description** A race condition exists in Eternal Terminal, allowing a local attacker to hijack Eternal Terminal's IPC socket. This enables access to Eternal Terminal clients that attempt to connect in the future. **Recommendations** For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the IPC socket to minimize the risk of exploitation.
PT-2022-17009
6.5
2022-08-16
Unknown · Eternal Terminal · CVE-2022-24952
**Name of the Vulnerable Software and Affected Versions** Eternal Terminal versions prior to 6.2.0 **Description** The issue involves several denial of service vulnerabilities. These include a denial of service that can be triggered remotely by an invalid sequence number and a local bug that can be triggered by sending invalid input directly to the IPC socket. **Recommendations** For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue.