CVE-2022-24950: 
Linux openSUSE vulnerability analysis and mitigation

A race condition vulnerability was discovered in Eternal Terminal versions prior to 6.2.0, identified as CVE-2022-24950. The vulnerability allows an authenticated attacker to hijack other users' SSH authorization socket, which can be exploited to enable unauthorized login to other systems as the targeted users. The vulnerability was discovered in the UserTerminalRouter::getInfoForId() function and was publicly disclosed in early 2022 (GitHub Advisory, NVD).

The vulnerability stems from a logic bug in UserTerminalRouter::getInfoForId() where user info for a client connection is pulled from a mutable unordered_map named idInfoMap. This user info is retrieved in TerminalServer::run() and later passed to pipeSocketHandler::listen() to set permissions on the forwarded SSH socket. The race condition occurs during the retrieval and modification of user information, allowing an attacker to manipulate the contents of idInfoMap such that the forwarded SSH socket ownership is transferred to the attacker (GitHub Advisory).

When successfully exploited, the vulnerability allows an authenticated attacker to gain ownership of forwarded ssh-agent sockets of other users. This enables the attacker to login to any other machine that the targeted user could normally access via SSH. Additionally, as a side effect, the victim may be given a session as the attacker upon logging on (GitHub Advisory).

The vulnerability was patched in Eternal Terminal version 6.2.0. Users are advised to upgrade to this version or later to protect against this vulnerability. The fix was implemented by adding proper synchronization mechanisms to prevent the race condition (GitHub Advisory).