CVE-2013-1776

NONECVSS 0.0

0.0

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

🔗 References (32)

secalert@redhathttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839
secalert@redhathttp://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2013-1353.html
secalert@redhathttp://www.debian.org/security/2013/dsa-2642
secalert@redhathttp://www.openwall.com/lists/oss-security/2013/02/27/31
secalert@redhathttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
secalert@redhathttp://www.securityfocus.com/bid/58207
secalert@redhathttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440
secalert@redhathttp://www.sudo.ws/repos/sudo/rev/632f8e028191
secalert@redhathttp://www.sudo.ws/repos/sudo/rev/6b22be4d09f0
secalert@redhathttp://www.sudo.ws/sudo/alerts/tty_tickets.html
secalert@redhathttps://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023
secalert@redhathttps://bugzilla.redhat.com/show_bug.cgi?id=916365
secalert@redhathttps://exchange.xforce.ibmcloud.com/vulnerabilities/82453

Is Your Infrastructure Affected by CVE-2013-1776?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-1776

📅 Published

🔄 Last Modified

🔗 References (32)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-1776?