CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().

@@ -13,7 +13,7 @@ int PipeSocketHandler::connect(const SocketEndpoint& endpoint) {

FATAL\_FAIL(sockFd);

initSocket(sockFd);

remote.sun\_family = AF\_UNIX;

strcpy(remote.sun\_path, pipePath.c\_str());

strncpy(remote.sun\_path, pipePath.c\_str(), sizeof(remote.sun\_path));

  

VLOG(3) << "Connecting to " << endpoint << " with fd " << sockFd;

int result =

@@ -104,7 +104,7 @@ set<int> PipeSocketHandler::listen(const SocketEndpoint& endpoint) {

FATAL\_FAIL(fd);

initServerSocket(fd);

local.sun\_family = AF\_UNIX; /\* local is declared before socket() ^ \*/

strcpy(local.sun\_path, pipePath.c\_str());

strncpy(local.sun\_path, pipePath.c\_str(), sizeof(local.sun\_path));

unlink(local.sun\_path);

  

FATAL\_FAIL(::bind(fd, (struct sockaddr\*)&local, sizeof(sockaddr\_un)));

Headline

CVE-2022-24950: red fixes (#468) · MisterTea/EternalTerminal@900348b

CVE: Latest News