CVE-2022-24949: 
Linux openSUSE vulnerability analysis and mitigation

A privilege escalation vulnerability (CVE-2022-24949) was discovered in Eternal Terminal versions prior to 6.2.0. The vulnerability allows an authenticated attacker to escalate their privileges to root on the target system. The issue was disclosed on October 29, 2021, and was patched in version 6.1.9 (Meta Red Team).

The vulnerability stems from a combination of three distinct issues in the PipeSocketHandler::listen() function: a race condition, a buffer overflow, and a logic bug. The logic bug allows sending crafted InitialPayload packets containing a PortForwardSourceRequest with arbitrary SocketEndpoint, leading to arbitrary file deletion through unlink() calls. The race condition exists between bind() and chmod()/chown() calls, allowing file permission and ownership modifications through symlink manipulation. The buffer overflow occurs due to unbounded strcpy() of the name variable into local.sun_path, where the maximum path length is 108 characters (Meta Red Team).

When successfully exploited, this vulnerability allows an authenticated attacker to gain root privileges on the target system. The attacker can modify critical system files, including /etc/passwd, effectively achieving complete system compromise (Meta Red Team).

The vulnerability has been patched in Eternal Terminal version 6.1.9. Users are strongly advised to upgrade to this version or later. The fix includes proper bounds checking, race condition elimination, and logic bug fixes as evidenced in the commit (ET Commit).