CVE-2013-2777

Published: 08/04/2013 Updated: 29/08/2017
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

sudo prior to 1.7.10p5 and 1.8.x prior to 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Vulnerable Product

apple mac os x

todd miller sudo 1.7.9p1

todd miller sudo 1.7.9

todd miller sudo 1.7.6

todd miller sudo 1.7.5

todd miller sudo 1.7.4p6

todd miller sudo 1.7.3b1

todd miller sudo 1.7.2p7

todd miller sudo 1.7.1

todd miller sudo 1.6.4

todd miller sudo 1.7.10

todd miller sudo 1.7.6p2

todd miller sudo 1.7.6p1

todd miller sudo 1.7.4p1

todd miller sudo 1.7.4p4

todd miller sudo 1.7.2

todd miller sudo 1.7.2p1

todd miller sudo 1.6.9p20

todd miller sudo 1.6.9p21

todd miller sudo 1.6.7p5

todd miller sudo 1.6.8p12

todd miller sudo 1.7.10p1

todd miller sudo 1.7.10p2

todd miller sudo 1.6.8

todd miller sudo 1.6.3_p7

todd miller sudo 1.6.9

todd miller sudo 1.7.10p3

todd miller sudo

todd miller sudo 1.7.8p2

todd miller sudo 1.7.8p1

todd miller sudo 1.7.4p5

todd miller sudo 1.7.4p2

todd miller sudo 1.7.2p6

todd miller sudo 1.7.2p5

todd miller sudo 1.7.0

todd miller sudo 1.6.9p23

todd miller sudo 1.6.6

todd miller sudo 1.6.7

todd miller sudo 1.6

todd miller sudo 1.6.1

todd miller sudo 1.7.8

todd miller sudo 1.7.7

todd miller sudo 1.7.4p3

todd miller sudo 1.7.4

todd miller sudo 1.7.2p4

todd miller sudo 1.7.2p2

todd miller sudo 1.7.2p3

todd miller sudo 1.6.5

todd miller sudo 1.6.4p2

todd miller sudo 1.6.9p22

todd miller sudo 1.6.2p3

todd miller sudo 1.6.2

todd miller sudo 1.6.3

todd miller sudo 1.3.5

todd miller sudo 1.8.1p2

todd miller sudo 1.8.2

todd miller sudo 1.8.4p3

todd miller sudo 1.8.4p4

todd miller sudo 1.8.6p5

todd miller sudo 1.8.3

todd miller sudo 1.8.3p1

todd miller sudo 1.8.4p5

todd miller sudo 1.8.5

todd miller sudo 1.8.0

todd miller sudo 1.8.3p2

todd miller sudo 1.8.4

todd miller sudo 1.8.6

todd miller sudo 1.8.6p1

todd miller sudo 1.8.6p2

todd miller sudo 1.8.1

todd miller sudo 1.8.1p1

todd miller sudo 1.8.4p1

todd miller sudo 1.8.4p2

todd miller sudo 1.8.6p3

todd miller sudo 1.8.6p4

Vendor Advisories

Synopsis: Low: sudo security, bug fix and enhancement update. Type/Severity: Security Advisory: Low. Topic: An updated sudo package that fixes two security issues, several bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as ha ...

Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1775: Marco Schoepl discovered an authentication bypass when the clock is set to the UNIX epoch [00:00:00 UTC on 1 ...

A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password (CVE-2013-1775). It was found that sudo did not ...