fkie_cve-2013-2776
Vulnerability from fkie_nvd
Published
2013-04-08 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
References
cve@mitre.orghttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2013-1353.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2013-1701.html
cve@mitre.orghttp://www.debian.org/security/2013/dsa-2642
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2013/02/27/31
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
cve@mitre.orghttp://www.securityfocus.com/bid/58207
cve@mitre.orghttp://www.securityfocus.com/bid/62741
cve@mitre.orghttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440
cve@mitre.orghttp://www.sudo.ws/repos/sudo/rev/049a12a5cc14Vendor Advisory
cve@mitre.orghttp://www.sudo.ws/repos/sudo/rev/0c0283d1fafaVendor Advisory
cve@mitre.orghttp://www.sudo.ws/sudo/alerts/tty_tickets.html
cve@mitre.orghttps://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=916365
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/82453
cve@mitre.orghttps://support.apple.com/kb/HT205031Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1353.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1701.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2642
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/02/27/31
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/58207
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/62741
af854a3a-2127-422b-91ae-364da2661108http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440
af854a3a-2127-422b-91ae-364da2661108http://www.sudo.ws/repos/sudo/rev/049a12a5cc14Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.sudo.ws/repos/sudo/rev/0c0283d1fafaVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.sudo.ws/sudo/alerts/tty_tickets.html
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=916365
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/82453
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT205031Vendor Advisory
Impacted products
Vendor Product Version
todd_miller sudo 1.3.5
todd_miller sudo 1.6
todd_miller sudo 1.6.1
todd_miller sudo 1.6.2
todd_miller sudo 1.6.2p3
todd_miller sudo 1.6.3
todd_miller sudo 1.6.3_p7
todd_miller sudo 1.6.4
todd_miller sudo 1.6.4p2
todd_miller sudo 1.6.5
todd_miller sudo 1.6.6
todd_miller sudo 1.6.7
todd_miller sudo 1.6.7p5
todd_miller sudo 1.6.8
todd_miller sudo 1.6.8p12
todd_miller sudo 1.6.9
todd_miller sudo 1.6.9p20
todd_miller sudo 1.6.9p21
todd_miller sudo 1.6.9p22
todd_miller sudo 1.6.9p23
todd_miller sudo 1.7.0
todd_miller sudo 1.7.1
todd_miller sudo 1.7.2
todd_miller sudo 1.7.2p1
todd_miller sudo 1.7.2p2
todd_miller sudo 1.7.2p3
todd_miller sudo 1.7.2p4
todd_miller sudo 1.7.2p5
todd_miller sudo 1.7.2p6
todd_miller sudo 1.7.2p7
todd_miller sudo 1.7.3b1
todd_miller sudo 1.7.4
todd_miller sudo 1.7.4p1
todd_miller sudo 1.7.4p2
todd_miller sudo 1.7.4p3
todd_miller sudo 1.7.4p4
todd_miller sudo 1.7.4p5
todd_miller sudo 1.7.4p6
todd_miller sudo 1.7.5
todd_miller sudo 1.7.6
todd_miller sudo 1.7.6p1
todd_miller sudo 1.7.6p2
todd_miller sudo 1.7.7
todd_miller sudo 1.7.8
todd_miller sudo 1.7.8p1
todd_miller sudo 1.7.8p2
todd_miller sudo 1.7.9
todd_miller sudo 1.7.9p1
todd_miller sudo 1.7.10
todd_miller sudo 1.7.10p1
todd_miller sudo 1.7.10p2
todd_miller sudo 1.7.10p3
apple mac_os_x *
todd_miller sudo 1.7.10p4
todd_miller sudo 1.7.10p5
todd_miller sudo 1.8.0
todd_miller sudo 1.8.1
todd_miller sudo 1.8.1p1
todd_miller sudo 1.8.1p2
todd_miller sudo 1.8.2
todd_miller sudo 1.8.3
todd_miller sudo 1.8.3p1
todd_miller sudo 1.8.3p2
todd_miller sudo 1.8.4
todd_miller sudo 1.8.4p1
todd_miller sudo 1.8.4p2
todd_miller sudo 1.8.4p3
todd_miller sudo 1.8.4p4
todd_miller sudo 1.8.4p5
todd_miller sudo 1.8.5
todd_miller sudo 1.8.6
todd_miller sudo 1.8.6p1
todd_miller sudo 1.8.6p2
todd_miller sudo 1.8.6p3
todd_miller sudo 1.8.6p4
todd_miller sudo 1.8.6p5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC4F3BEB-BF2B-4E5F-A376-E23E6B532E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EF4CB38-4033-46A1-9155-DC348261CAEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55799ECB-CEB1-4839-8053-4C1F071D1526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "85AA3DDA-BEC4-422D-8542-3FF5C6F5FA38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3604EC-3109-41AF-9068-60C639557BEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE103608-6BCB-4EC0-8EB1-110A80829592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F03EF9C-D90D-425E-AC35-8DD02B7C03F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AC8D478-8554-4947-926A-8B1B27DD122D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*",
              "matchCriteriaId": "64435258-4639-438E-825F-E6AA82D41745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*",
              "matchCriteriaId": "C33BC128-A782-465A-8AF0-860EBC8388EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "643ABD1F-83E1-4B71-AA59-8CF8B4018A46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8967DE4C-3D41-4BCE-97B0-469FCFBCE332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C0D8CB9-3156-4F7F-A616-59EF530540D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2C91B0A-44B6-4B33-A0ED-295C56D97546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "07945224-A955-4A33-B54B-11D128FCA0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "41F70C45-9522-4F49-A5B9-62E03410F03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEAE0BA2-D9AC-40A3-A4DC-1E33DEE7200C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FEF4FBB-E045-43CE-A9F9-3FF7F9FE3400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "68372F8A-9AFD-45DE-A9B8-4CDF3154E349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "77DC6C6B-4585-401D-B02E-E70E6157DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55788B87-B41B-43F4-BA54-5208A4233500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "837DD56D-267D-4AAA-9DB3-4B42FAE6E10C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "444B3D9E-51F6-4CED-9265-576DBDE40897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FB7063-441C-445B-9C2E-BF92C8F3F43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D4170A7-4824-4108-A8CA-988F0E3F3747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0CA9-CE51-4AA3-AF29-4F201EB1A45D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "54614B98-E779-4FD9-ABF0-3ACA3F49921F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A84C0BBA-8C4F-457E-A45E-A4C4DB357B61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A22F86-72E8-42AE-BD52-BFF6498AB999",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C585A90-21F0-4BCF-85A4-BF470F581CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5B6FF76-F715-489B-8113-F9E00ADAD739",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DD87C06-62F3-4A7B-B7C1-055C41B9A7C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E7BF14-597B-4C3F-A8CE-5359C047F9C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4D329BB-490F-4903-93FC-E45AF6EAEE4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA124FE0-B4E7-4F2E-B611-25D9897C32B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "662FC083-721B-416B-A081-0C474D6764E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A426F146-45BD-4666-81C0-00B719206288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.9p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBEB4E5-5B8D-4D01-A2A6-8BD6C39B39C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C40A7E-2ED8-4D13-A381-A219CC6B1B15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7958DC3-1D59-47CB-A4C8-40EB675ED08A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "119AC9FA-3174-4982-A58F-D5F8FACC7411",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF14E93E-29CA-4A30-966B-5D71A03A6B0A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906",
              "versionEndIncluding": "10.10.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E59EA28-3FED-4BBC-AEC6-BE60C3107494",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D576845C-2645-46E5-B6EE-C23FA80A44B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CCE5D7D-D269-4A10-B3C0-C5177F30BD29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F57804C-633D-4A0C-AF73-21C0BFBEA715",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2447F3-85CF-40F2-9472-B3775DE034DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5B06006-124F-4B11-BEC3-D0E5060FCB56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97FF463B-A0BE-4E14-B644-F42D5D5CAB9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2224F7BC-145F-4E06-AAD8-280AD42339CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "344BF379-17AF-4296-B0A7-947B09C1581B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1CA5CE6-F191-4FC2-AA36-562EB59E28F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0403E11-4280-49C2-9E38-E0524BC31768",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B9393C-63FD-47EF-99F6-AF0186A248F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2050DA-B737-437A-8BFA-76F0D4C41DCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "91329D57-58F5-4159-B156-889D78B9935D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4548A6F5-EEB8-48BB-9653-9676FEBA63BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "19B53B8A-6EF1-42BE-90A0-90EE65FBD0F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A71D36B-D2FD-4EDA-9D99-BF9F44DA980D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB3D2805-A361-4A13-9E19-889CBE703137",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00C4F9EE-9907-46E8-980F-FEBC5591C1FD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DD19E7-A84F-4667-BFF7-C8D010648330",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "67E5AA45-D8C7-467C-BB10-0FE923C99D73",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9BD09D8-2388-444F-926A-78BD74469928",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5F4C1EC-57BE-49E3-82AE-40B987059C41",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal.  NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."
    },
    {
      "lang": "es",
      "value": "sudo v1.3.5 hasta v1.7.10p5 y v1.8.0 hasta  v1.8.6p6, cuando se ejecuta en sistemas sin /proc o la funci\u00f3n sysctl con la opci\u00f3n tty_tickets habilitada, no valida correctamente el control de dispositivo terminal, lo que permite a los usuarios locales con permisos de sudo para secuestrar a la autorizaci\u00f3n de otra terminal a trav\u00e9s de vectores relacionados con una sesi\u00f3n sin un dispositivo terminal de control y la conexi\u00f3n a una entrada est\u00e1ndar, salida, y descriptores de error de archivo de otros terminal. NOTA: esta es una de las tres vulnerabilidades estrechamente relacionadas con las que se asign\u00f3 originalmente a CVE-2013-1776, pero se han dividido debido a las diferentes versiones afectadas."
    }
  ],
  "id": "CVE-2013-2776",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-08T17:55:01.127",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2013/dsa-2642"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/58207"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/62741"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.sudo.ws/repos/sudo/rev/049a12a5cc14"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.sudo.ws/repos/sudo/rev/0c0283d1fafa"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT205031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/58207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/62741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.sudo.ws/repos/sudo/rev/049a12a5cc14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.sudo.ws/repos/sudo/rev/0c0283d1fafa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT205031"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.