CVE-2022-24949 - OpenCVE

A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen().

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Eternal Terminal Project	Eternal Terminal

Configuration 1 [-]

cpe:2.3:a:eternal_terminal_project:eternal_terminal:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3	Patch Third Party Advisory
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-hxg8-4r3q-p9rv	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: facebook

Published: 2022-08-16T00:30:36

Updated: 2022-08-16T00:30:36

Reserved: 2022-02-11T00:00:00

Link: CVE-2022-24949

JSON object: View

NVD Information

Status : Modified

Published: 2022-08-16T01:15:07.907

Modified: 2023-11-07T03:44:43.080

Link: CVE-2022-24949

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Eternal Terminal", "vendor": "Jason Gauci", "versions": [{"lessThan": "6.2.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "dateAssigned": "2022-02-10T00:00:00", "descriptions": [{"lang": "en", "value": "A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen()."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "Race Condition (CWE-362), Classic Buffer Overflow (CWE-120)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-16T00:30:36", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-hxg8-4r3q-p9rv"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2022-02-10", "ID": "CVE-2022-24949", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eternal Terminal", "version": {"version_data": [{"version_affected": "<", "version_value": "6.2.0"}]}}]}, "vendor_name": "Jason Gauci"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen()."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Race Condition (CWE-362), Classic Buffer Overflow (CWE-120)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3", "refsource": "CONFIRM", "url": "https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3"}, {"name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-hxg8-4r3q-p9rv", "refsource": "MISC", "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-hxg8-4r3q-p9rv"}]}}}}, "cveMetadata": {"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2022-24949", "datePublished": "2022-08-16T00:30:36", "dateReserved": "2022-02-11T00:00:00", "dateUpdated": "2022-08-16T00:30:36", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}