CVE-2013-2777

Severity

44%

Complexity

34%

Confidentiality

106%

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

CVSS 2.0 Base Score 4.4. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 11 years ago

2013-04-08 17:55:00

Last updated 7 years ago

2017-08-29 01:33:00

Affected Software

Apple Mac OS X

Todd Miller Sudo 1.6

1.6

Todd Miller Sudo 1.6.1

1.6.1

Todd Miller Sudo 1.6.2

1.6.2

Todd Miller Sudo 1.6.2p3

1.6.2p3

Todd Miller Sudo 1.6.3

1.6.3

Todd Miller Sudo 1.6.3 p7

1.6.3_p7

Todd Miller Sudo 1.6.4

1.6.4

Todd Miller Sudo 1.6.4p2

1.6.4p2

Todd Miller Sudo 1.6.5

1.6.5

Todd Miller Sudo 1.6.6

1.6.6

Todd Miller Sudo 1.6.7

1.6.7

Todd Miller Sudo 1.6.7p5

1.6.7p5

Todd Miller Sudo 1.6.8

1.6.8

Todd Miller Sudo 1.6.8p12

1.6.8p12

Todd Miller Sudo 1.6.9

1.6.9

Todd Miller Sudo 1.6.9p20

1.6.9p20

Todd Miller Sudo 1.6.9p21

1.6.9p21

Todd Miller Sudo 1.6.9p22

1.6.9p22

Todd Miller Sudo 1.6.9p23

1.6.9p23

Todd Miller Sudo 1.7.0

1.7.0

Todd Miller Sudo 1.7.1

1.7.1

Todd Miller Sudo 1.7.2

1.7.2

Todd Miller Sudo 1.7.2p1

1.7.2p1

Todd Miller Sudo 1.7.2p2

1.7.2p2

Todd Miller Sudo 1.7.2p3

1.7.2p3

Todd Miller Sudo 1.7.2p4

1.7.2p4

Todd Miller Sudo 1.7.2p5

1.7.2p5

Todd Miller Sudo 1.7.2p6

1.7.2p6

Todd Miller Sudo 1.7.2p7

1.7.2p7

Todd Miller Sudo 1.7.3b1

1.7.3b1

Todd Miller Sudo 1.7.4

1.7.4

Todd Miller Sudo 1.7.4p1

1.7.4p1

Todd Miller Sudo 1.7.4p2

1.7.4p2

Todd Miller Sudo 1.7.4p3

1.7.4p3

Todd Miller Sudo 1.7.4p4

1.7.4p4

Todd Miller Sudo 1.7.4p5

1.7.4p5

Todd Miller Sudo 1.7.4p6

1.7.4p6

Todd Miller Sudo 1.7.5

1.7.5

Todd Miller Sudo 1.7.6

1.7.6

Todd Miller Sudo 1.7.6p1

1.7.6p1

Todd Miller Sudo 1.7.6p2

1.7.6p2

Todd Miller Sudo 1.7.7

1.7.7

Todd Miller Sudo 1.7.8

1.7.8

Todd Miller Sudo 1.7.8p1

1.7.8p1

Todd Miller Sudo 1.7.8p2

1.7.8p2

Todd Miller Sudo 1.7.9

1.7.9

Todd Miller Sudo 1.7.9p1

1.7.9p1

Todd Miller Sudo 1.7.10

1.7.10

Todd Miller Sudo 1.7.10p1

1.7.10p1

Todd Miller Sudo 1.7.10p2

1.7.10p2

Todd Miller Sudo 1.7.10p3

1.7.10p3

Todd Miller Sudo 1.8.0

1.8.0

Todd Miller Sudo 1.8.1

1.8.1

Todd Miller Sudo 1.8.1p1

1.8.1p1

Todd Miller Sudo 1.8.1p2

1.8.1p2

Todd Miller Sudo 1.8.2

1.8.2

Todd Miller Sudo 1.8.3

1.8.3

Todd Miller Sudo 1.8.3p1

1.8.3p1

Todd Miller Sudo 1.8.3p2

1.8.3p2

Todd Miller Sudo 1.8.4

1.8.4

Todd Miller Sudo 1.8.4p1

1.8.4p1

Todd Miller Sudo 1.8.4p2

1.8.4p2

Todd Miller Sudo 1.8.4p3

1.8.4p3

Todd Miller Sudo 1.8.4p4

1.8.4p4

Todd Miller Sudo 1.8.4p5

1.8.4p5

Todd Miller Sudo 1.8.5

1.8.5

Todd Miller Sudo 1.8.6

1.8.6

Todd Miller Sudo 1.8.6p1

1.8.6p1

Todd Miller Sudo 1.8.6p2

1.8.6p2

Todd Miller Sudo 1.8.6p3

1.8.6p3

Todd Miller Sudo 1.8.6p4

1.8.6p4

Todd Miller Sudo 1.8.6p5

1.8.6p5

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839

APPLE-SA-2015-08-13-2

RHSA-2013:1701

DSA-2642

[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints

58207

SSA:2013-065-01

https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023

https://bugzilla.redhat.com/show_bug.cgi?id=916365

sudo-ttytickets-sec-bypass(82453)

https://support.apple.com/kb/HT205031

Vendor Advisory