Strix
26.1K

CVE-2013-1776

UnknownEPSS 0.38%

Last modified

CVE-2013-1776 is a vulnerability of currently unknown severity. sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.. EPSS estimates a 0.38% chance of exploitation in the next 30 days.

Description

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Metrics

EPSS Probability
0.38%

29.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AppleMac Os X<= 10.10.4
Todd MillerSudo1.8.0
Todd MillerSudo1.8.1
Todd MillerSudo1.8.1p1
Todd MillerSudo1.8.1p2
Todd MillerSudo1.8.2
Todd MillerSudo1.8.3
Todd MillerSudo1.8.3p1
Todd MillerSudo1.8.3p2
Todd MillerSudo1.8.4
Todd MillerSudo1.8.4p1
Todd MillerSudo1.8.4p2
Todd MillerSudo1.8.4p3
Todd MillerSudo1.8.4p4
Todd MillerSudo1.8.4p5
Todd MillerSudo1.8.5
Todd MillerSudo1.3.5
Todd MillerSudo1.6
Todd MillerSudo1.6.1
Todd MillerSudo1.6.2
Todd MillerSudo1.6.2p3
Todd MillerSudo1.6.3
Todd MillerSudo1.6.3_p7
Todd MillerSudo1.6.4
Todd MillerSudo1.6.4p2
Todd MillerSudo1.6.5
Todd MillerSudo1.6.6
Todd MillerSudo1.6.7
Todd MillerSudo1.6.7p5
Todd MillerSudo1.6.8
Todd MillerSudo1.6.8p12
Todd MillerSudo1.6.9
Todd MillerSudo1.6.9p20
Todd MillerSudo1.6.9p21
Todd MillerSudo1.6.9p22
Todd MillerSudo1.6.9p23
Todd MillerSudo1.7.0
Todd MillerSudo1.7.1
Todd MillerSudo1.7.2
Todd MillerSudo1.7.2p1
Todd MillerSudo1.7.2p2
Todd MillerSudo1.7.2p3
Todd MillerSudo1.7.2p4
Todd MillerSudo1.7.2p5
Todd MillerSudo1.7.2p6
Todd MillerSudo1.7.2p7
Todd MillerSudo1.7.3b1
Todd MillerSudo1.7.4
Todd MillerSudo1.7.4p1
Todd MillerSudo1.7.4p2

Showing 50 of 65 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-1776?
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
How severe is CVE-2013-1776?
Severity scoring for CVE-2013-1776 is pending analysis. The EPSS model estimates a 0.38% probability of exploitation in the next 30 days.
How do I fix CVE-2013-1776?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-1776?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST