Description

In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles.

Related CPE's

a

eternal_terminal_project

eternal_terminal

6.2.1

Vulnerable

References

http://www.openwall.com/lists/oss-security/2023/02/16/1

https://github.com/MisterTea/EternalTerminal/issues/555

PatchThird Party Advisory

https://github.com/MisterTea/EternalTerminal/pull/556

ExploitPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2RY6PKBU73I45L6YWNYCUK2XBEXEFX7L/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYODHZECXYFC2BNODZPZXZAXOKGMCYAP/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6MO4FSKYNSAJVUXYP7LRY7ARUIGKBFL/

http://www.openwall.com/lists/oss-security/2023/02/16/1

https://github.com/MisterTea/EternalTerminal/issues/555

PatchThird Party Advisory

https://github.com/MisterTea/EternalTerminal/pull/556

ExploitPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2RY6PKBU73I45L6YWNYCUK2XBEXEFX7L/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYODHZECXYFC2BNODZPZXZAXOKGMCYAP/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6MO4FSKYNSAJVUXYP7LRY7ARUIGKBFL/

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-200

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-13T01:15:10.243

2 years ago

Last modified

2025-04-07T16:15:19.130

3 months ago