In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file. https://bugzilla.suse.com/show_bug.cgi?id=1207126 https://github.com/MisterTea/EternalTerminal http://www.openwall.com/lists/oss-security/2023/02/16/1
Created et tracking bugs for this issue: Affects: epel-8 [bug 2170773] Affects: fedora-all [bug 2170774]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.