Bug 2119453 (CVE-2022-24950)

Summary: CVE-2022-24950 eternalterminal: SSH Authorization Socket Hijacking
Product: [Other] Security Response Reporter: TEJ RATHI <trathi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: filbranden, jgmath2000, michel
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: et 6.1.9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-09-02 02:55:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2119462, 2119465    
Bug Blocks: 2119474    

Description TEJ RATHI 2022-08-18 15:12:49 UTC 
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().

https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-85gw-pchc-4rf3
Comment 1 TEJ RATHI 2022-08-18 15:18:23 UTC 
Created et tracking bugs for this issue:

Affects: epel-all [bug 2119462]
Affects: fedora-all [bug 2119465]
Comment 2 Product Security DevOps Team 2022-09-02 02:55:46 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.