QwikSec

Security Database

CVE

CWE

Training

CVE-2013-2777

Published: Apr 8, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.sudo.ws/repos/sudo/rev/bfa23f089bba

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839

x_refsource_MISC

http://www.sudo.ws/repos/sudo/rev/2f3225a2a4a4

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints

mailing-list

x_refsource_MLIST

http://www.sudo.ws/sudo/alerts/tty_tickets.html

x_refsource_CONFIRM

APPLE-SA-2015-08-13-2

vendor-advisory

x_refsource_APPLE

SSA:2013-065-01

vendor-advisory

x_refsource_SLACKWARE

https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023

x_refsource_MISC

https://support.apple.com/kb/HT205031

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=916365

x_refsource_MISC

sudo-ttytickets-sec-bypass(82453)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.