CVE-2013-1776

CWE-26413 documents9 sources
Severity
4.4MEDIUM
EPSS
0.1%
top 84.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XTodd Miller Sudo
Timeline
PublishedApr 8
Latest updateMay 17

Description

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of d

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages3 packages

Debiansudo< 1.8.5p2-1+nmu1+3
NVDtodd_miller/sudo64 versions+63
NVDapple/mac_os_x10.10.4

🔴Vulnerability Details

3
GHSA
GHSA-wjjf-2f85-8256: sudo 12022-05-17
CVEList
CVE-2013-1776: sudo 12013-04-08
OSV
CVE-2013-1776: sudo 12013-04-08

📋Vendor Advisories

5
Red Hat
sudo: bypass of tty_tickets constraints2013-02-27
Red Hat
sudo: bypass of tty_tickets constraints2013-02-27
Red Hat
sudo: bypass of tty_tickets constraints2013-02-27
Debian
CVE-2013-1776: sudo - sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option i...2013
Apple
CVE-2013-1776: OS X Yosemite v10.10.5 and Security Update 2015-006

💬Community

2
Bugzilla
CVE-2013-1776 sudo: bypass of tty_tickets constraints2013-02-27
Bugzilla
CVE-2013-1775 CVE-2013-1776 sudo various flaws [fedora-all]2013-02-27
CVE-2013-1776 (MEDIUM CVSS 4.4) | sudo 1.3.5 through 1.7.10 and 1.8.0 | cvebase.io