Upstream information
Description
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 7.5 |
| Vector | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2022:10185-1, published Wed Nov 2 18:44:09 2022
- openSUSE-SU-2022:10187-1, published Wed Nov 2 18:44:09 2022
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Package Hub 15 SP3 |
| Patchnames: openSUSE-2022-10187 |
| SUSE Package Hub 15 SP4 |
| Patchnames: openSUSE-2022-10185 |
| openSUSE Leap 15.3 |
| Patchnames: openSUSE-2022-10187 |
| openSUSE Leap 15.4 |
| Patchnames: openSUSE-2022-10185 |
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-12269 |
SUSE Timeline for this CVE
CVE page created: Tue Aug 16 12:00:11 2022CVE page last modified: Tue Sep 3 19:25:20 2024