QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2013-2776

Back to search

CVE-2013-2776

Published: Apr 8, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

VendorProductVersions

n/a

n/a

affected
n/a

References

58207
vdb-entry
x_refsource_BID
RHSA-2013:1701
vendor-advisory
x_refsource_REDHAT
DSA-2642
vendor-advisory
x_refsource_DEBIAN
APPLE-SA-2015-08-13-2
vendor-advisory
x_refsource_APPLE
SSA:2013-065-01
vendor-advisory
x_refsource_SLACKWARE
62741
vdb-entry
x_refsource_BID
RHSA-2013:1353
vendor-advisory
x_refsource_REDHAT
sudo-ttytickets-sec-bypass(82453)
vdb-entry
x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now