Strix
26.1K

CVE-2013-2777

UnknownEPSS 0.37%

Last modified

CVE-2013-2777 is a vulnerability of currently unknown severity. sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.. EPSS estimates a 0.37% chance of exploitation in the next 30 days.

Description

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Metrics

EPSS Probability
0.37%

28.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AppleMac Os X<= 10.10.4
Todd MillerSudo<= 1.7.10p4
Todd MillerSudo1.3.5
Todd MillerSudo1.6
Todd MillerSudo1.6.1
Todd MillerSudo1.6.2
Todd MillerSudo1.6.2p3
Todd MillerSudo1.6.3
Todd MillerSudo1.6.3_p7
Todd MillerSudo1.6.4
Todd MillerSudo1.6.4p2
Todd MillerSudo1.6.5
Todd MillerSudo1.6.6
Todd MillerSudo1.6.7
Todd MillerSudo1.6.7p5
Todd MillerSudo1.6.8
Todd MillerSudo1.6.8p12
Todd MillerSudo1.6.9
Todd MillerSudo1.6.9p20
Todd MillerSudo1.6.9p21
Todd MillerSudo1.6.9p22
Todd MillerSudo1.6.9p23
Todd MillerSudo1.7.0
Todd MillerSudo1.7.1
Todd MillerSudo1.7.2
Todd MillerSudo1.7.2p1
Todd MillerSudo1.7.2p2
Todd MillerSudo1.7.2p3
Todd MillerSudo1.7.2p4
Todd MillerSudo1.7.2p5
Todd MillerSudo1.7.2p6
Todd MillerSudo1.7.2p7
Todd MillerSudo1.7.3b1
Todd MillerSudo1.7.4
Todd MillerSudo1.7.4p1
Todd MillerSudo1.7.4p2
Todd MillerSudo1.7.4p3
Todd MillerSudo1.7.4p4
Todd MillerSudo1.7.4p5
Todd MillerSudo1.7.4p6
Todd MillerSudo1.7.5
Todd MillerSudo1.7.6
Todd MillerSudo1.7.6p1
Todd MillerSudo1.7.6p2
Todd MillerSudo1.7.7
Todd MillerSudo1.7.8
Todd MillerSudo1.7.8p1
Todd MillerSudo1.7.8p2
Todd MillerSudo1.7.9
Todd MillerSudo1.7.9p1

Showing 50 of 75 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-2777?
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
How severe is CVE-2013-2777?
Severity scoring for CVE-2013-2777 is pending analysis. The EPSS model estimates a 0.37% probability of exploitation in the next 30 days.
How do I fix CVE-2013-2777?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-2777?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST