SB2022081663 - Multiple vulnerabilities in Eternal Terminal

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2022-24949)

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the PipeSocketHandler::listen() function. A remote user can trigger a race condition and execute arbitrary code on the system.

2) Race condition (CVE-ID: CVE-2022-24950)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a race condition. A remote user can hijack other users' SSH authorization socket and login as other users.

3) Race condition (CVE-ID: CVE-2022-24951)

The vulnerability allows a local user to hijack Eternal Terminal's IPC socket.

The vulnerability exists due to a race condition. A local user can hijack Eternal Terminal's IPC socket and allow remote clients to connect to the system.

4) Input validation error (CVE-ID: CVE-2022-24952)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send  specially crafted input to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-hxg8-4r3q-p9rv
• https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3
• https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-85gw-pchc-4rf3
• http://www.openwall.com/lists/oss-security/2023/02/16/1
• https://github.com/MisterTea/EternalTerminal/releases/tag/et-v6.2.0
• https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-546v-59j5-g95q
• https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8cw3-6r98-g7cw