CVE-2013-1776

Published: 08/04/2013 Updated: 29/08/2017
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

sudo 1.3.5 up to and including 1.7.10 and 1.8.0 up to and including 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Vulnerable Product

apple mac os x

todd miller sudo 1.8.1p2

todd miller sudo 1.8.2

todd miller sudo 1.8.4p4

todd miller sudo 1.8.4p5

todd miller sudo 1.8.3

todd miller sudo 1.8.3p1

todd miller sudo 1.8.3p2

todd miller sudo 1.8.5

todd miller sudo 1.8.0

todd miller sudo 1.8.4

todd miller sudo 1.8.4p1

todd miller sudo 1.8.1

todd miller sudo 1.8.1p1

todd miller sudo 1.8.4p2

todd miller sudo 1.8.4p3

todd miller sudo 1.7.8p1

todd miller sudo 1.7.8

todd miller sudo 1.7.4p2

todd miller sudo 1.7.4p3

todd miller sudo 1.7.4

todd miller sudo 1.7.2p4

todd miller sudo 1.7.2p2

todd miller sudo 1.6.9p23

todd miller sudo 1.6.5

todd miller sudo 1.6.9p22

todd miller sudo 1.6.2p3

todd miller sudo 1.6.2

todd miller sudo 1.6.3

todd miller sudo 1.7.7

todd miller sudo 1.7.6p2

todd miller sudo 1.7.4p1

todd miller sudo 1.7.4p4

todd miller sudo 1.7.2p3

todd miller sudo 1.7.2

todd miller sudo 1.6.4p2

todd miller sudo 1.6.9p20

todd miller sudo 1.6.7p5

todd miller sudo 1.6.8p12

todd miller sudo 1.3.5

todd miller sudo 1.7.10

todd miller sudo 1.7.9p1

todd miller sudo 1.7.6p1

todd miller sudo 1.7.6

todd miller sudo 1.7.4p6

todd miller sudo 1.7.3b1

todd miller sudo 1.7.2p1

todd miller sudo 1.7.2p7

todd miller sudo 1.6.9p21

todd miller sudo 1.6.4

todd miller sudo 1.6.3_p7

todd miller sudo 1.6.9

todd miller sudo 1.7.9

todd miller sudo 1.7.8p2

todd miller sudo 1.7.5

todd miller sudo 1.7.4p5

todd miller sudo 1.7.2p6

todd miller sudo 1.7.2p5

todd miller sudo 1.7.1

todd miller sudo 1.7.0

todd miller sudo 1.6.8

todd miller sudo 1.6.6

todd miller sudo 1.6.7

todd miller sudo 1.6

todd miller sudo 1.6.1

Vendor Advisories

Synopsis: Low: sudo security and bug fix update. Type/Severity: Security Advisory: Low. Topic: An updated sudo package that fixes multiple security issues and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common ...
Debian Bug report logs - #701839 sudo: CVE-2013-1776 potential bypass of sudo tty_tickets constraints. Package: sudo; Maintainer for sudo is Bdale Garbee <bdale@gag.com>; Source for sudo is src:sudo (PTS, buildd, popcon). Reported by: Nico Golde <nion@debian.org>. Date: Wed, 27 Feb 2013 20:15:02 UTC. Severity: important ...
Debian Bug report logs - #701838 sudo: CVE-2013-1775 authentication bypass when clock is reset. Package: sudo; Maintainer for sudo is Bdale Garbee <bdale@gag.com>; Source for sudo is src:sudo (PTS, buildd, popcon). Reported by: Nico Golde <nion@debian.org>. Date: Wed, 27 Feb 2013 20:12:01 UTC. Severity: grave. Tags: secu ...
Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1775: Marco Schoepl discovered an authentication bypass when the clock is set to the UNIX epoch [00:00:00 UTC on 1 ...