CVE-2013-1776

NONE EPSS 29.7%
Published Apr 8, 201313y ago · Modified Jun 16, 20262w ago
Find Similar
Published Apr 8, 2013 13y ago
Last Modified Jun 16, 2026 2w ago

Description

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Threat Intelligence

EPSS Exploit Probability
29.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-264

Affected Products 65

VendorProductVersionRange
applemac_os_x* ≤10.10.4
todd_millersudo1.8.0any
todd_millersudo1.8.1any
todd_millersudo1.8.1p1any
todd_millersudo1.8.1p2any
todd_millersudo1.8.2any
todd_millersudo1.8.3any
todd_millersudo1.8.3p1any
todd_millersudo1.8.3p2any
todd_millersudo1.8.4any
todd_millersudo1.8.4p1any
todd_millersudo1.8.4p2any
todd_millersudo1.8.4p3any
todd_millersudo1.8.4p4any
todd_millersudo1.8.4p5any
todd_millersudo1.8.5any
todd_millersudo1.3.5any
todd_millersudo1.6any
todd_millersudo1.6.1any
todd_millersudo1.6.2any
todd_millersudo1.6.2p3any
todd_millersudo1.6.3any
todd_millersudo1.6.3_p7any
todd_millersudo1.6.4any
todd_millersudo1.6.4p2any
todd_millersudo1.6.5any
todd_millersudo1.6.6any
todd_millersudo1.6.7any
todd_millersudo1.6.7p5any
todd_millersudo1.6.8any
todd_millersudo1.6.8p12any
todd_millersudo1.6.9any
todd_millersudo1.6.9p20any
todd_millersudo1.6.9p21any
todd_millersudo1.6.9p22any
todd_millersudo1.6.9p23any
todd_millersudo1.7.0any
todd_millersudo1.7.1any
todd_millersudo1.7.2any
todd_millersudo1.7.2p1any
todd_millersudo1.7.2p2any
todd_millersudo1.7.2p3any
todd_millersudo1.7.2p4any
todd_millersudo1.7.2p5any
todd_millersudo1.7.2p6any
todd_millersudo1.7.2p7any
todd_millersudo1.7.3b1any
todd_millersudo1.7.4any
todd_millersudo1.7.4p1any
todd_millersudo1.7.4p2any
todd_millersudo1.7.4p3any
todd_millersudo1.7.4p4any
todd_millersudo1.7.4p5any
todd_millersudo1.7.4p6any
todd_millersudo1.7.5any
todd_millersudo1.7.6any
todd_millersudo1.7.6p1any
todd_millersudo1.7.6p2any
todd_millersudo1.7.7any
todd_millersudo1.7.8any
todd_millersudo1.7.8p1any
todd_millersudo1.7.8p2any
todd_millersudo1.7.9any
todd_millersudo1.7.9p1any
todd_millersudo1.7.10any

References 16

  • bugs.debian.org http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839
  • lists.apple.com http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1353.html
  • debian.org http://www.debian.org/security/2013/dsa-2642
  • openwall.com http://www.openwall.com/lists/oss-security/2013/02/27/31
  • oracle.com http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
  • securityfocus.com http://www.securityfocus.com/bid/58207
  • slackware.com http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440
  • sudo.ws http://www.sudo.ws/repos/sudo/rev/632f8e028191
  • sudo.ws http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0
  • sudo.ws http://www.sudo.ws/sudo/alerts/tty_tickets.html
    Vendor Advisory
  • bugs.launchpad.net https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=916365
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/82453
  • support.apple.com https://support.apple.com/kb/HT205031
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.