PT-2022-17008 · Unknown · Eternal Terminal

Adi-Ajit

Published

2022-08-16

Updated

2024-06-15

CVE-2022-24951

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Eternal Terminal versions prior to 6.2.0

Description A race condition exists in Eternal Terminal, allowing a local attacker to hijack Eternal Terminal's IPC socket. This enables access to Eternal Terminal clients that attempt to connect in the future.

Recommendations For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the IPC socket to minimize the risk of exploitation.

Exploit

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2022-24951

GHSA-546V-59J5-G95Q

OPENSUSE-SU-2022:10185-1

OPENSUSE-SU-2022:10187-1

OPENSUSE-SU-2024:12269-1

Affected Products

Eternal Terminal

PT-2022-17008 · Unknown · Eternal Terminal

CVE-2022-24951

Weakness Enumeration

Related Identifiers

Affected Products

References · 19